/* * Allow the application to pass the set of trust anchors */ SECStatus SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList) { sslSocket *ss = ssl_FindSocket(fd); CERTDistNames *names = NULL; if (!certList) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } if (!ss) { SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors", SSL_GETPID(), fd)); return SECFailure; } names = CERT_DistNamesFromCertList(certList); if (names == NULL) { return SECFailure; } ssl_Get1stHandshakeLock(ss); ssl_GetSSL3HandshakeLock(ss); if (ss->ssl3.ca_list) { CERT_FreeDistNames(ss->ssl3.ca_list); } ss->ssl3.ca_list = names; ssl_ReleaseSSL3HandshakeLock(ss); ssl_Release1stHandshakeLock(ss); return SECSuccess; }
static SECStatus serverCAListShutdown(void* appData, void* nssData) { PORT_Assert(ssl3_server_ca_list); if (ssl3_server_ca_list) { CERT_FreeDistNames(ssl3_server_ca_list); ssl3_server_ca_list = NULL; } setupServerCAListOnce = pristineCallOnce; return SECSuccess; }