- if (ServerCertificate[0] != '/')
- cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
-
- if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
- cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
- 0, 0) < 0 &&
- (FatalErrors & CUPSD_FATAL_PERMISSIONS))
- return (0);
-
-# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
- if (ServerKey[0] != '/')
- cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
-
- if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
- cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
- (FatalErrors & CUPSD_FATAL_PERMISSIONS))
- return (0);
-# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
+ if (!_cups_strcasecmp(ServerKeychain, "internal"))
+ cupsdClearString(&ServerKeychain);
+ else if (ServerKeychain[0] != '/')
+ cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain ? ServerKeychain : "internal", ServerName);
+ if (!CreateSelfSignedCerts)
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Self-signed TLS certificate generation is disabled.");
+ cupsSetServerCredentials(ServerKeychain, ServerName, CreateSelfSignedCerts);