Example #1
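/*
 * Replace the certificate and chain held by |sc| with references derived
 * from |cert| and |certChain|.
 *
 * Whatever |sc| held before is released first. A NULL |cert| simply clears
 * the slot and succeeds. When |certChain| is NULL the chain is built from
 * the new certificate via CERT_CertChainFromCert() for certUsageSSLServer.
 *
 * Returns SECSuccess when the slot was cleared or both fields are set, and
 * SECFailure otherwise. On failure sc->serverCertChain is NULL;
 * sc->serverCert may still hold the new certificate if only the chain could
 * not be produced.
 *
 * NOTE(review): the old references are dropped before the new ones are
 * taken, so a caller that passes sc->serverCert itself as |cert| must hold
 * its own reference to it.
 */
static SECStatus
ssl_PopulateServerCert(sslServerCert *sc, CERTCertificate *cert,
                       const CERTCertificateList *certChain)
{
    /* Clear each field as soon as its reference is dropped so that no exit
     * path can leave a pointer to a released object behind. */
    if (sc->serverCert) {
        CERT_DestroyCertificate(sc->serverCert);
        sc->serverCert = NULL;
    }
    if (sc->serverCertChain) {
        CERT_DestroyCertificateList(sc->serverCertChain);
        sc->serverCertChain = NULL;
    }

    if (!cert) {
        return SECSuccess;
    }

    sc->serverCert = CERT_DupCertificate(cert);
    if (!sc->serverCert) {
        /* Without this check a failed dup combined with a caller-supplied
         * chain would report success with a chain but no certificate. */
        return SECFailure;
    }

    if (certChain) {
        sc->serverCertChain = CERT_DupCertList(certChain);
    } else {
        sc->serverCertChain =
            CERT_CertChainFromCert(sc->serverCert, certUsageSSLServer,
                                   PR_TRUE);
    }
    return sc->serverCertChain ? SECSuccess : SECFailure;
}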
Example #2
/*
 * Build a new sslServerCert that mirrors |oc|.
 *
 * The certificate, chain and key pair are shared by taking additional
 * references; the status array and signed certificate timestamps are
 * duplicated with SECITEM_DupArray() / SECITEM_CopyItem(). The certificate
 * and chain are only carried over when |oc| has both of them.
 *
 * Returns the new object, or NULL if allocation or any copy step fails. On
 * failure the partially built copy is released with ssl_FreeServerCert().
 */
sslServerCert *
ssl_CopyServerCert(const sslServerCert *oc)
{
    sslServerCert *copy = ssl_NewServerCert(&oc->certType);

    if (copy == NULL) {
        return NULL;
    }

    /* Certificate and chain travel as a pair: both or neither. */
    if (oc->serverCert == NULL || oc->serverCertChain == NULL) {
        copy->serverCert = NULL;
        copy->serverCertChain = NULL;
    } else {
        copy->serverCert = CERT_DupCertificate(oc->serverCert);
        if (copy->serverCert == NULL) {
            goto loser;
        }
        copy->serverCertChain = CERT_DupCertList(oc->serverCertChain);
        if (copy->serverCertChain == NULL) {
            goto loser;
        }
    }

    /* The private key material is shared by reference, not duplicated. */
    if (oc->serverKeyPair == NULL) {
        copy->serverKeyPair = NULL;
    } else {
        copy->serverKeyPair = ssl_GetKeyPairRef(oc->serverKeyPair);
        if (copy->serverKeyPair == NULL) {
            goto loser;
        }
    }
    copy->serverKeyBits = oc->serverKeyBits;

    if (oc->certStatusArray == NULL) {
        copy->certStatusArray = NULL;
    } else {
        copy->certStatusArray = SECITEM_DupArray(NULL, oc->certStatusArray);
        if (copy->certStatusArray == NULL) {
            goto loser;
        }
    }

    if (SECITEM_CopyItem(NULL, &copy->signedCertTimestamps,
                         &oc->signedCertTimestamps) == SECSuccess) {
        return copy;
    }

loser:
    ssl_FreeServerCert(copy);
    return NULL;
}
Example #3
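/*
 * Install (or clear) the server certificate, chain and key pair for the key
 * exchange type |kea| on socket |ss|.
 *
 * Any certificate, chain and key pair already stored in the slot are
 * released. When |cert| is non-NULL a reference to it is stored, the key
 * strength is read from keyPair->pubKey, and the chain is either a duplicate
 * of |certChain| or, when that is NULL, built from the certificate for
 * certUsageSSLServer. When |keyPair| is non-NULL a reference to it is stored.
 *
 * Returns SECSuccess on success. On any failure the slot's certificate,
 * chain and key pair are released and cleared and SECFailure is returned.
 * A non-NULL |cert| with a NULL |keyPair| is treated as a failure; no error
 * code is set by this function on that path.
 *
 * NOTE(review): this function does not itself check that |keyPair| matches
 * the public key in |cert|; presumably the caller does - confirm.
 */
SECStatus
ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
                       const CERTCertificateList *certChain,
                       ssl3KeyPair *keyPair, SSLKEAType kea)
{
    CERTCertificateList *localCertChain = NULL;
    /* NOTE(review): |kea| indexes ss->serverCerts with no range check in
     * this function; callers must pass a valid key exchange type. */
    sslServerCerts *sc = ss->serverCerts + kea;

    /* release the previous server certificate */
    if (sc->serverCert != NULL) {
        CERT_DestroyCertificate(sc->serverCert);
        sc->serverCert = NULL;
        sc->serverKeyBits = 0;
    }
    /* release the previous server cert chain */
    if (sc->serverCertChain != NULL) {
        CERT_DestroyCertificateList(sc->serverCertChain);
        sc->serverCertChain = NULL;
    }
    if (cert) {
        /* The key strength below is read through keyPair, so a certificate
         * without a key pair cannot be configured; fail instead of
         * dereferencing NULL. */
        if (!keyPair) {
            goto loser;
        }
        sc->serverCert = CERT_DupCertificate(cert);
        if (!sc->serverCert) {
            goto loser;
        }
        /* remember the size of the key pair's public key */
        sc->serverKeyBits = SECKEY_PublicKeyStrengthInBits(keyPair->pubKey);
        if (!certChain) {
            localCertChain =
                CERT_CertChainFromCert(sc->serverCert, certUsageSSLServer,
                                       PR_TRUE);
            if (!localCertChain) {
                goto loser;
            }
        }
        sc->serverCertChain = (certChain) ? CERT_DupCertList(certChain)
                                          : localCertChain;
        if (!sc->serverCertChain) {
            goto loser;
        }
        localCertChain = NULL; /* consumed */
    }

    /* replace the key pair */
    if (sc->serverKeyPair != NULL) {
        ssl3_FreeKeyPair(sc->serverKeyPair);
        sc->serverKeyPair = NULL;
    }
    if (keyPair) {
        SECKEY_CacheStaticFlags(keyPair->privKey);
        sc->serverKeyPair = ssl3_GetKeyPairRef(keyPair);
    }
    /* Step-down keys are created only for RSA certificates whose key is
     * larger than 512 bits, unless the socket opted out or already has them.
     * NOTE(review): stepping down to a weaker temporary RSA key looks like
     * support for legacy export-grade key exchange; confirm whether
     * deployments should set noStepDown. */
    if (kea == kt_rsa && cert && sc->serverKeyBits > 512 &&
        !ss->opt.noStepDown && !ss->stepDownKeyPair) {
        if (ssl3_CreateRSAStepDownKeys(ss) != SECSuccess) {
            goto loser;
        }
    }
    return SECSuccess;

loser:
    if (localCertChain) {
        CERT_DestroyCertificateList(localCertChain);
    }
    if (sc->serverCert != NULL) {
        CERT_DestroyCertificate(sc->serverCert);
        sc->serverCert = NULL;
    }
    /* keep the recorded key size consistent with the cleared certificate */
    sc->serverKeyBits = 0;
    if (sc->serverCertChain != NULL) {
        CERT_DestroyCertificateList(sc->serverCertChain);
        sc->serverCertChain = NULL;
    }
    if (sc->serverKeyPair != NULL) {
        ssl3_FreeKeyPair(sc->serverKeyPair);
        sc->serverKeyPair = NULL;
    }
    return SECFailure;
}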