#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
-#include <openssl/engine.h>
#define PROG pkcs12_main
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
#endif
else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*argv,"-aes128")) enc=EVP_aes_128_cbc();
+ else if (!strcmp(*argv,"-aes192")) enc=EVP_aes_192_cbc();
+ else if (!strcmp(*argv,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
#ifndef OPENSSL_NO_IDEA
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
/* Add any more certificates asked for */
if (certfile) {
- if(!(certs = load_certs(bio_err, certfile, FORMAT_PEM, NULL, e,
- "certificates from certfile"))) {
+ STACK_OF(X509) *morecerts=NULL;
+ if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+ NULL, e,
+ "certificates from certfile"))) {
goto export_end;
}
+ while(sk_X509_num(morecerts) > 0) {
+ sk_X509_push(certs, sk_X509_shift(morecerts));
+ }
+ sk_X509_free(morecerts);
}
#ifdef CRYPTO_MDEBUG