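/*
 * Replace the certificate and chain held by |sc| with references to |cert|
 * and |certChain|.  A NULL |cert| empties both fields.  When |certChain| is
 * NULL the chain is built from |cert| for certUsageSSLServer.
 *
 * New references are acquired before the old ones are released, so passing
 * in the very certificate |sc| already holds cannot drop its last reference
 * before it is duplicated.  On SECFailure (no certificate reference or no
 * chain could be obtained) |sc| is left exactly as it was and nothing leaks.
 */
static SECStatus
ssl_PopulateServerCert(sslServerCert *sc, CERTCertificate *cert,
                       const CERTCertificateList *certChain)
{
    CERTCertificate *newCert = NULL;
    CERTCertificateList *newChain = NULL;

    if (cert) {
        newCert = CERT_DupCertificate(cert);
        if (!newCert) {
            return SECFailure;
        }
        if (certChain) {
            newChain = CERT_DupCertList(certChain);
        } else {
            newChain = CERT_CertChainFromCert(newCert, certUsageSSLServer,
                                              PR_TRUE);
        }
        if (!newChain) {
            /* Give back the reference we just took; |sc| is untouched. */
            CERT_DestroyCertificate(newCert);
            return SECFailure;
        }
    }

    /* Only now release what the slot held before. */
    if (sc->serverCert) {
        CERT_DestroyCertificate(sc->serverCert);
    }
    if (sc->serverCertChain) {
        CERT_DestroyCertificateList(sc->serverCertChain);
    }
    sc->serverCert = newCert;
    sc->serverCertChain = newChain;
    return SECSuccess;
}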
/*
 * Deep-copy |oc| into a freshly allocated sslServerCert.
 *
 * The certificate and its chain are copied only when |oc| holds both; any
 * other combination yields NULL for both fields.  The key pair is shared by
 * reference, the status array and signed certificate timestamps are
 * duplicated.  Returns NULL on any failure, in which case everything already
 * attached to the partial copy is released.
 */
sslServerCert *
ssl_CopyServerCert(const sslServerCert *oc)
{
    sslServerCert *copy = ssl_NewServerCert(&oc->certType);
    PRBool ok = PR_FALSE;

    if (!copy) {
        return NULL;
    }

    do {
        /* A certificate is only meaningful together with its chain. */
        if (!oc->serverCert || !oc->serverCertChain) {
            copy->serverCert = NULL;
            copy->serverCertChain = NULL;
        } else {
            copy->serverCert = CERT_DupCertificate(oc->serverCert);
            if (!copy->serverCert) {
                break;
            }
            copy->serverCertChain = CERT_DupCertList(oc->serverCertChain);
            if (!copy->serverCertChain) {
                break;
            }
        }

        copy->serverKeyPair = oc->serverKeyPair
                                  ? ssl_GetKeyPairRef(oc->serverKeyPair)
                                  : NULL;
        if (oc->serverKeyPair && !copy->serverKeyPair) {
            break;
        }
        copy->serverKeyBits = oc->serverKeyBits;

        copy->certStatusArray = oc->certStatusArray
                                    ? SECITEM_DupArray(NULL, oc->certStatusArray)
                                    : NULL;
        if (oc->certStatusArray && !copy->certStatusArray) {
            break;
        }

        ok = SECITEM_CopyItem(NULL, &copy->signedCertTimestamps,
                              &oc->signedCertTimestamps) == SECSuccess;
    } while (0);

    if (!ok) {
        /* ssl_FreeServerCert releases whichever fields were populated. */
        ssl_FreeServerCert(copy);
        return NULL;
    }
    return copy;
}
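/*
 * Release the certificate, chain and key pair held in one server cert slot
 * and reset the slot to empty (serverKeyBits == 0).  Safe on an empty slot.
 */
static void
ssl_ClearServerCertSlot(sslServerCerts *sc)
{
    if (sc->serverCert != NULL) {
        CERT_DestroyCertificate(sc->serverCert);
        sc->serverCert = NULL;
    }
    sc->serverKeyBits = 0;
    if (sc->serverCertChain != NULL) {
        CERT_DestroyCertificateList(sc->serverCertChain);
        sc->serverCertChain = NULL;
    }
    if (sc->serverKeyPair != NULL) {
        ssl3_FreeKeyPair(sc->serverKeyPair);
        sc->serverKeyPair = NULL;
    }
}

/*
 * Install |cert|, |certChain| and |keyPair| as the server credentials for key
 * exchange type |kea| on |ss|, replacing whatever that slot held before.
 *
 * cert      - certificate to install, or NULL to leave the slot without one.
 * certChain - chain to install; NULL builds one from |cert|.
 * keyPair   - key pair to install, or NULL.  It also supplies the public key
 *             whose size is recorded in serverKeyBits, so with a NULL
 *             keyPair serverKeyBits is 0 (the original dereferenced keyPair
 *             here unconditionally).
 * kea       - index into ss->serverCerts; the caller must pass a valid type.
 *
 * Returns SECSuccess, or SECFailure with the slot left empty.  References to
 * |cert| and |keyPair| are taken before the old slot contents are released,
 * so re-installing the objects the slot already holds cannot free them
 * underneath us.
 */
SECStatus
ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert,
                       const CERTCertificateList *certChain,
                       ssl3KeyPair *keyPair, SSLKEAType kea)
{
    sslServerCerts *sc = ss->serverCerts + kea;
    CERTCertificate *newCert = NULL;
    ssl3KeyPair *newKeyPair = NULL;

    /* Acquire the new references first, then drop the old ones. */
    if (cert) {
        newCert = CERT_DupCertificate(cert);
    }
    if (keyPair) {
        SECKEY_CacheStaticFlags(keyPair->privKey);
        newKeyPair = ssl3_GetKeyPairRef(keyPair);
    }

    ssl_ClearServerCertSlot(sc);
    sc->serverCert = newCert;
    sc->serverKeyPair = newKeyPair;

    if (cert) {
        if (!sc->serverCert) {
            goto loser;
        }
        /* Remember the public key size; it gates the step-down check below. */
        sc->serverKeyBits =
            keyPair ? SECKEY_PublicKeyStrengthInBits(keyPair->pubKey) : 0;

        if (certChain) {
            sc->serverCertChain = CERT_DupCertList(certChain);
        } else {
            sc->serverCertChain = CERT_CertChainFromCert(
                sc->serverCert, certUsageSSLServer, PR_TRUE);
        }
        if (!sc->serverCertChain) {
            goto loser;
        }
    }

    /* An RSA key over 512 bits needs the step-down key pair, created once,
     * unless the socket option disables it. */
    if (kea == kt_rsa && cert && sc->serverKeyBits > 512 &&
        !ss->opt.noStepDown && !ss->stepDownKeyPair) {
        if (ssl3_CreateRSAStepDownKeys(ss) != SECSuccess) {
            goto loser;
        }
    }
    return SECSuccess;

loser:
    /* Everything installed so far is owned by the slot; empty it. */
    ssl_ClearServerCertSlot(sc);
    return SECFailure;
}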