cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1;
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+ else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
#ifndef OPENSSL_NO_IDEA
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
#endif
- else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
+#endif
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
#ifndef OPENSSL_NO_IDEA
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt private keys with seed\n");
+#endif
#ifndef OPENSSL_NO_AES
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
- BIO_printf (bio_err, "Error %s getting chain.\n",
+ if (vret >= 0)
+ BIO_printf (bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
+ else
+ ERR_print_errors(bio_err);
goto export_end;
}
}
{
X509_STORE_CTX store_ctx;
STACK_OF(X509) *chn;
- int i;
+ int i = 0;
/* FIXME: Should really check the return status of X509_STORE_CTX_init
* for an error, but how that fits into the return value of this
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
if (X509_verify_cert(&store_ctx) <= 0) {
i = X509_STORE_CTX_get_error (&store_ctx);
+ if (i == 0)
+ /* avoid returning 0 if X509_verify_cert() did not
+ * set an appropriate error value in the context */
+ i = -1;
+ chn = NULL;
goto err;
- }
- chn = X509_STORE_CTX_get1_chain(&store_ctx);
- i = 0;
- *chain = chn;
+ } else
+ chn = X509_STORE_CTX_get1_chain(&store_ctx);
err:
X509_STORE_CTX_cleanup(&store_ctx);
+ *chain = chn;
return i;
}