Fix problem with multi line responses in -starttls by using a buffering

[openssl.git] / apps / pkcs12.c

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 308f9208a11713e6fcde6a2e0278bdc79cf12b93..d5873e93d498ea47bc954381e4da96f7405133ae 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -180,7 +180,8 @@ int MAIN(int argc, char **argv)
                                args++;
                                if (!strcmp(*args, "NONE"))
                                        cert_pbe = -1;
-                               cert_pbe=OBJ_txt2nid(*args);
+                               else
+                                       cert_pbe=OBJ_txt2nid(*args);
                                if(cert_pbe == NID_undef) {
                                        BIO_printf(bio_err,
                                                 "Unknown PBE algorithm %s\n", *args);
@@ -535,8 +536,11 @@ int MAIN(int argc, char **argv)
                    X509_free(sk_X509_value(chain2, 0));
                    sk_X509_free(chain2);
                } else {
-                       BIO_printf (bio_err, "Error %s getting chain.\n",
+                       if (vret >= 0)
+                               BIO_printf (bio_err, "Error %s getting chain.\n",
                                        X509_verify_cert_error_string(vret));
+                       else
+                               ERR_print_errors(bio_err);
                        goto export_end;
                }                       
        }
@@ -810,7 +814,7 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
        X509_STORE_CTX store_ctx;
        STACK_OF(X509) *chn;
-       int i;
+       int i = 0;
 
        /* FIXME: Should really check the return status of X509_STORE_CTX_init
         * for an error, but how that fits into the return value of this
@@ -818,13 +822,17 @@ int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
        X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
        if (X509_verify_cert(&store_ctx) <= 0) {
                i = X509_STORE_CTX_get_error (&store_ctx);
+               if (i == 0)
+                       /* avoid returning 0 if X509_verify_cert() did not
+                        * set an appropriate error value in the context */
+                       i = -1;
+               chn = NULL;
                goto err;
-       }
-       chn =  X509_STORE_CTX_get1_chain(&store_ctx);
-       i = 0;
-       *chain = chn;
+       } else
+               chn = X509_STORE_CTX_get1_chain(&store_ctx);
 err:
        X509_STORE_CTX_cleanup(&store_ctx);
+       *chain = chn;
        
        return i;
 }