static SECStatus
ssl_PopulateServerCert(sslServerCert *sc, CERTCertificate *cert,
const CERTCertificateList *certChain)
{
if (sc->serverCert) {
CERT_DestroyCertificate(sc->serverCert);
}
if (sc->serverCertChain) {
CERT_DestroyCertificateList(sc->serverCertChain);
}
if (!cert) {
sc->serverCert = NULL;
sc->serverCertChain = NULL;
return SECSuccess;
}
sc->serverCert = CERT_DupCertificate(cert);
if (certChain) {
sc->serverCertChain = CERT_DupCertList(certChain);
} else {
sc->serverCertChain =
CERT_CertChainFromCert(sc->serverCert, certUsageSSLServer,
PR_TRUE);
}
return sc->serverCertChain ? SECSuccess : SECFailure;
}
/*
* NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
*/
SECStatus
NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage)
{
if (signerinfo->cert == NULL)
return SECFailure;
/* don't leak if we get called twice */
if (signerinfo->certList != NULL) {
CERT_DestroyCertificateList(signerinfo->certList);
signerinfo->certList = NULL;
}
switch (cm) {
case NSSCMSCM_None:
signerinfo->certList = NULL;
break;
case NSSCMSCM_CertOnly:
signerinfo->certList = CERT_CertListFromCert(signerinfo->cert);
break;
case NSSCMSCM_CertChain:
signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_FALSE);
break;
case NSSCMSCM_CertChainWithRoot:
signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert, usage, PR_TRUE);
break;
}
if (cm != NSSCMSCM_None && signerinfo->certList == NULL)
return SECFailure;
return SECSuccess;
}
