Fix CRL printing to correctly show when there are no revoked certificates.

[openssl.git] / crypto / pkcs12 / p12_crt.c

diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 37850a089b9038d8e6913cdbdaf097f0d78be63b..4c36c643ce683b2222126255c637c6066c52a791 100644 (file)
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -66,7 +66,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 {
        PKCS12 *p12;
        STACK_OF(PKCS12_SAFEBAG) *bags;
-       STACK *safes;
+       STACK_OF(PKCS7) *safes;
        PKCS12_SAFEBAG *bag;
        PKCS8_PRIV_KEY_INFO *p8;
        PKCS7 *authsafe;
@@ -86,13 +86,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                return NULL;
        }
 
-       if(!(bags = sk_PKCS12_SAFEBAG_new (NULL))) {
+       if(!X509_check_private_key(cert, pkey)) return NULL;
+
+       if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
 
        /* Add user certificate */
-       if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL;
+       if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
        if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
        if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
@@ -106,7 +108,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        if(ca) {
                for(i = 0; i < sk_X509_num(ca); i++) {
                        tcert = sk_X509_value(ca, i);
-                       if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL;
+                       if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
                        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
                                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                                return NULL;
@@ -121,7 +123,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
        if (!authsafe) return NULL;
 
-       if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
+       if(!(safes = sk_PKCS7_new_null ())
+          || !sk_PKCS7_push(safes, authsafe)) {
                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
@@ -134,7 +137,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        PKCS8_PRIV_KEY_INFO_free(p8);
         if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
        if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-       if(!(bags = sk_PKCS12_SAFEBAG_new(NULL))
+       if(!(bags = sk_PKCS12_SAFEBAG_new_null())
           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -142,16 +145,16 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        /* Turn it into unencrypted safe bag */
        if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-       if(!sk_push(safes, (char *)authsafe)) {
+       if(!sk_PKCS7_push(safes, authsafe)) {
                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
 
        if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
 
-       if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL;
+       if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
 
-       sk_pop_free(safes, (void(*)(void *)) PKCS7_free);
+       sk_PKCS7_pop_free(safes, PKCS7_free);
 
        if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
            return NULL;