Make indentation style self-consistent: 4 spaces per indent.
authornelsonb%netscape.com
Tue, 08 Oct 2002 03:39:50 +0000
changeset 3692 9935589eb856ab237face641c69bf2210983bbc0
parent 3691 c19e5de3d9f4423ca428c5aa5b28cd76c616d6f4
child 3693 1c29839a21950305edddf749a1faf5284c9a21e0
push idunknown
push userunknown
push dateunknown
bugs172036
Make indentation style self-consistent: 4 spaces per indent. Save error code at the beginning of printCertProblems, and restore it at the end, since CERT_VerifyCert nearly always sets the error code to -8157 Certificate extension not found when building an error log. Bug 172036.
security/nss/cmd/vfyserv/vfyutil.c
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -35,40 +35,40 @@
 #include "secerr.h"
 #include "sslerr.h"
 #include "nspr.h"
 #include "secutil.h"
 
 /* Declare SSL cipher suites. */
 
 int ssl2CipherSuites[] = {
-	SSL_EN_RC4_128_WITH_MD5,              /* A */
-	SSL_EN_RC4_128_EXPORT40_WITH_MD5,     /* B */
-	SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
-	SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
-	SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
-	SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
-	0
+    SSL_EN_RC4_128_WITH_MD5,              /* A */
+    SSL_EN_RC4_128_EXPORT40_WITH_MD5,     /* B */
+    SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
+    SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
+    SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
+    SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
+    0
 };
 
 int ssl3CipherSuites[] = {
-	SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
-	SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,      /* b */
-	SSL_RSA_WITH_RC4_128_MD5,               /* c */
-	SSL_RSA_WITH_3DES_EDE_CBC_SHA,          /* d */
-	SSL_RSA_WITH_DES_CBC_SHA,               /* e */
-	SSL_RSA_EXPORT_WITH_RC4_40_MD5,         /* f */
-	SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     /* g */
-	SSL_FORTEZZA_DMS_WITH_NULL_SHA,         /* h */
-	SSL_RSA_WITH_NULL_MD5,                  /* i */
-	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     /* j */
-	SSL_RSA_FIPS_WITH_DES_CBC_SHA,          /* k */
-	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    /* l */
-	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     /* m */
-	0
+    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
+    SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,      /* b */
+    SSL_RSA_WITH_RC4_128_MD5,               /* c */
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,          /* d */
+    SSL_RSA_WITH_DES_CBC_SHA,               /* e */
+    SSL_RSA_EXPORT_WITH_RC4_40_MD5,         /* f */
+    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     /* g */
+    SSL_FORTEZZA_DMS_WITH_NULL_SHA,         /* h */
+    SSL_RSA_WITH_NULL_MD5,                  /* i */
+    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     /* j */
+    SSL_RSA_FIPS_WITH_DES_CBC_SHA,          /* k */
+    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    /* l */
+    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     /* m */
+    0
 };
 
 /**************************************************************************
 ** 
 ** SSL callback routines.
 **
 **************************************************************************/
 
@@ -77,91 +77,90 @@ int ssl3CipherSuites[] = {
  * Purpose: This function is our custom password handler that is called by
  * SSL when retreiving private certs and keys from the database. Returns a
  * pointer to a string that with a password for the database. Password pointer
  * should point to dynamically allocated memory that will be freed later.
  */
 char *
 myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
 {
-	char * passwd = NULL;
+    char * passwd = NULL;
 
-	if ( (!retry) && arg ) {
-		passwd = PORT_Strdup((char *)arg);
-	}
-
-	return passwd;
+    if ( (!retry) && arg ) {
+	passwd = PORT_Strdup((char *)arg);
+    }
+    return passwd;
 }
 
 /* Function: SECStatus myAuthCertificate()
  *
  * Purpose: This function is our custom certificate authentication handler.
  * 
  * Note: This implementation is essentially the same as the default 
  *       SSL_AuthCertificate().
  */
 SECStatus 
 myAuthCertificate(void *arg, PRFileDesc *socket, 
                   PRBool checksig, PRBool isServer) 
 {
 
-	SECCertUsage        certUsage;
-	CERTCertificate *   cert;
-	void *              pinArg;
-	char *              hostName;
-	SECStatus           secStatus;
-
-	if (!arg || !socket) {
-		errWarn("myAuthCertificate");
-		return SECFailure;
-	}
+    SECCertUsage        certUsage;
+    CERTCertificate *   cert;
+    void *              pinArg;
+    char *              hostName;
+    SECStatus           secStatus;
 
-	/* Define how the cert is being used based upon the isServer flag. */
-
-	certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+    if (!arg || !socket) {
+	errWarn("myAuthCertificate");
+	return SECFailure;
+    }
 
-	cert = SSL_PeerCertificate(socket);
-	
-	pinArg = SSL_RevealPinArg(socket);
+    /* Define how the cert is being used based upon the isServer flag. */
 
-	secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
-	                               cert,
-	                               checksig,
-	                               certUsage,
-	                               pinArg);
+    certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
 
-	/* If this is a server, we're finished. */
-	if (isServer || secStatus != SECSuccess) {
-		printCertProblems(stderr, (CERTCertDBHandle *)arg, cert, 
-					checksig, certUsage, pinArg);
-		CERT_DestroyCertificate(cert);
-		return secStatus;
-	}
-
-	/* Certificate is OK.  Since this is the client side of an SSL
-	 * connection, we need to verify that the name field in the cert
-	 * matches the desired hostname.  This is our defense against
-	 * man-in-the-middle attacks.
-	 */
+    cert = SSL_PeerCertificate(socket);
+	
+    pinArg = SSL_RevealPinArg(socket);
 
-	/* SSL_RevealURL returns a hostName, not an URL. */
-	hostName = SSL_RevealURL(socket);
+    secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
+				   cert,
+				   checksig,
+				   certUsage,
+				   pinArg);
 
-	if (hostName && hostName[0]) {
-		secStatus = CERT_VerifyCertName(cert, hostName);
-	} else {
-		PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
-		secStatus = SECFailure;
-	}
-
-	if (hostName)
-		PR_Free(hostName);
-
+    /* If this is a server, we're finished. */
+    if (isServer || secStatus != SECSuccess) {
+	printCertProblems(stderr, (CERTCertDBHandle *)arg, cert, 
+			  checksig, certUsage, pinArg);
 	CERT_DestroyCertificate(cert);
 	return secStatus;
+    }
+
+    /* Certificate is OK.  Since this is the client side of an SSL
+     * connection, we need to verify that the name field in the cert
+     * matches the desired hostname.  This is our defense against
+     * man-in-the-middle attacks.
+     */
+
+    /* SSL_RevealURL returns a hostName, not an URL. */
+    hostName = SSL_RevealURL(socket);
+
+    if (hostName && hostName[0]) {
+	secStatus = CERT_VerifyCertName(cert, hostName);
+    } else {
+	PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
+	secStatus = SECFailure;
+    }
+
+    if (hostName)
+	PR_Free(hostName);
+
+    CERT_DestroyCertificate(cert);
+    return secStatus;
 }
 
 /* Function: SECStatus myBadCertHandler()
  *
  * Purpose: This callback is called when the incoming certificate is not
  * valid. We define a certain set of parameters that still cause the
  * certificate to be "valid" for this session, and return SECSuccess to cause
  * the server to continue processing the request when any of these conditions
@@ -173,17 +172,17 @@ myBadCertHandler(void *arg, PRFileDesc *
 {
 
     SECStatus	secStatus = SECFailure;
     PRErrorCode	err;
 
     /* log invalid cert here */
 
     if (!arg) {
-		return secStatus;
+	return secStatus;
     }
 
     *(PRErrorCode *)arg = err = PORT_GetError();
 
     /* If any of the cases in the switch are met, then we will proceed   */
     /* with the processing of the request anyway. Otherwise, the default */	
     /* case will be reached and we will reject the request.              */
 
@@ -197,20 +196,20 @@ myBadCertHandler(void *arg, PRFileDesc *
     case SEC_ERROR_CERT_VALID:
     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
     case SEC_ERROR_CRL_EXPIRED:
     case SEC_ERROR_CRL_BAD_SIGNATURE:
     case SEC_ERROR_EXTENSION_VALUE_INVALID:
     case SEC_ERROR_CA_CERT_INVALID:
     case SEC_ERROR_CERT_USAGES_INVALID:
     case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
-		secStatus = SECSuccess;
+	secStatus = SECSuccess;
 	break;
     default:
-		secStatus = SECFailure;
+	secStatus = SECFailure;
 	break;
     }
 
     fprintf(stderr, "Bad certificate: %d, %s\n", err, SECU_Strerror(err));
 
     return secStatus;
 }
 
@@ -231,25 +230,25 @@ myGetClientAuthData(void *arg,
     SECKEYPrivateKey * privKey;
     char *             chosenNickName = (char *)arg;
     void *             proto_win      = NULL;
     SECStatus          secStatus      = SECFailure;
 
     proto_win = SSL_RevealPinArg(socket);
 
     if (chosenNickName) {
-		cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
-		if (cert) {
-		    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
-		    if (privKey) {
-				secStatus = SECSuccess;
-		    } else {
-				CERT_DestroyCertificate(cert);
-		    }
-		}
+	cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+	if (cert) {
+	    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+	    if (privKey) {
+		secStatus = SECSuccess;
+	    } else {
+		CERT_DestroyCertificate(cert);
+	    }
+	}
     } else { /* no nickname given, automatically find the right cert */
 	CERTCertNicknames *names;
 	int                i;
 
 	names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), 
 				      SEC_CERT_NICKNAMES_USER, proto_win);
 
 	if (names != NULL) {
@@ -278,18 +277,18 @@ myGetClientAuthData(void *arg,
 		    break;
 		}
 		CERT_FreeNicknames(names);
 	    } /* for loop */
 	}
     }
 
     if (secStatus == SECSuccess) {
-		*pRetCert = cert;
-		*pRetKey  = privKey;
+	*pRetCert = cert;
+	*pRetKey  = privKey;
     }
 
     return secStatus;
 }
 
 /* Function: SECStatus myHandshakeCallback()
  *
  * Purpose: Called by SSL to inform application that the handshake is
@@ -352,256 +351,256 @@ disableAllSSLCiphers(void)
 ** 
 ** Error and information routines.
 **
 **************************************************************************/
 
 void
 errWarn(char *function)
 {
-	PRErrorCode  errorNumber = PR_GetError();
-	const char * errorString = SECU_Strerror(errorNumber);
+    PRErrorCode  errorNumber = PR_GetError();
+    const char * errorString = SECU_Strerror(errorNumber);
 
-	fprintf(stderr, "Error in function %s: %d\n - %s\n",
-			function, errorNumber, errorString);
+    fprintf(stderr, "Error in function %s: %d\n - %s\n",
+		    function, errorNumber, errorString);
 }
 
 void
 exitErr(char *function)
 {
-	errWarn(function);
-	/* Exit gracefully. */
-	NSS_Shutdown();
-	PR_Cleanup();
-	exit(1);
+    errWarn(function);
+    /* Exit gracefully. */
+    NSS_Shutdown();
+    PR_Cleanup();
+    exit(1);
 }
 
 void 
 printSecurityInfo(FILE *outfile, PRFileDesc *fd)
 {
-	char * cp;	/* bulk cipher name */
-	char * ip;	/* cert issuer DN */
-	char * sp;	/* cert subject DN */
-	int    op;	/* High, Low, Off */
-	int    kp0;	/* total key bits */
-	int    kp1;	/* secret key bits */
-	int    result;
-	SSL3Statistics * ssl3stats = SSL_GetStatistics();
+    char * cp;	/* bulk cipher name */
+    char * ip;	/* cert issuer DN */
+    char * sp;	/* cert subject DN */
+    int    op;	/* High, Low, Off */
+    int    kp0;	/* total key bits */
+    int    kp1;	/* secret key bits */
+    int    result;
+    SSL3Statistics * ssl3stats = SSL_GetStatistics();
 
-	if (!outfile) {
-	    outfile = stdout;
-	}
+    if (!outfile) {
+	outfile = stdout;
+    }
 
-	result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
-	if (result != SECSuccess)
-		return;
-	fprintf(outfile,
-	 "   bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
-	 "   subject DN:\n %s\n"
-	 "   issuer  DN:\n %s\n", cp, kp1, kp0, op, sp, ip);
-	PR_Free(cp);
-	PR_Free(ip);
-	PR_Free(sp);
+    result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
+    if (result != SECSuccess)
+	return;
+    fprintf(outfile,
+     "   bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
+     "   subject DN:\n %s\n"
+     "   issuer  DN:\n %s\n", cp, kp1, kp0, op, sp, ip);
+    PR_Free(cp);
+    PR_Free(ip);
+    PR_Free(sp);
 
-	fprintf(outfile,
-	  "   %ld cache hits; %ld cache misses, %ld cache not reusable\n",
-		ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
-	ssl3stats->hch_sid_cache_not_ok);
+    fprintf(outfile,
+      "   %ld cache hits; %ld cache misses, %ld cache not reusable\n",
+	    ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+    ssl3stats->hch_sid_cache_not_ok);
 
 }
 
 
 /**************************************************************************
 ** Begin thread management routines and data.
 **************************************************************************/
 
 void
 thread_wrapper(void * arg)
 {
-	GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
-	perThread *slot = &threadMGR->threads[threadMGR->index];
+    GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
+    perThread *slot = &threadMGR->threads[threadMGR->index];
 
-	/* wait for parent to finish launching us before proceeding. */
-	PR_Lock(threadMGR->threadLock);
-	PR_Unlock(threadMGR->threadLock);
+    /* wait for parent to finish launching us before proceeding. */
+    PR_Lock(threadMGR->threadLock);
+    PR_Unlock(threadMGR->threadLock);
 
-	slot->rv = (* slot->startFunc)(slot->a, slot->b);
+    slot->rv = (* slot->startFunc)(slot->a, slot->b);
 
-	PR_Lock(threadMGR->threadLock);
-	slot->running = rs_zombie;
+    PR_Lock(threadMGR->threadLock);
+    slot->running = rs_zombie;
 
-	/* notify the thread exit handler. */
-	PR_NotifyCondVar(threadMGR->threadEndQ);
+    /* notify the thread exit handler. */
+    PR_NotifyCondVar(threadMGR->threadEndQ);
 
-	PR_Unlock(threadMGR->threadLock);
+    PR_Unlock(threadMGR->threadLock);
 }
 
 SECStatus
 launch_thread(GlobalThreadMgr *threadMGR,
               startFn         *startFunc,
               void            *a,
               int              b)
 {
-	perThread *slot;
-	int        i;
+    perThread *slot;
+    int        i;
 
-	if (!threadMGR->threadStartQ) {
-		threadMGR->threadLock   = PR_NewLock();
-		threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
-		threadMGR->threadEndQ   = PR_NewCondVar(threadMGR->threadLock);
-	}
-	PR_Lock(threadMGR->threadLock);
-	while (threadMGR->numRunning >= MAX_THREADS) {
-		PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
-	}
-	for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running == rs_idle) 
-			break;
+    if (!threadMGR->threadStartQ) {
+	threadMGR->threadLock   = PR_NewLock();
+	threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
+	threadMGR->threadEndQ   = PR_NewCondVar(threadMGR->threadLock);
+    }
+    PR_Lock(threadMGR->threadLock);
+    while (threadMGR->numRunning >= MAX_THREADS) {
+	PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
+    }
+    for (i = 0; i < threadMGR->numUsed; ++i) {
+	slot = &threadMGR->threads[i];
+	if (slot->running == rs_idle) 
+	    break;
+    }
+    if (i >= threadMGR->numUsed) {
+	if (i >= MAX_THREADS) {
+	    /* something's really wrong here. */
+	    PORT_Assert(i < MAX_THREADS);
+	    PR_Unlock(threadMGR->threadLock);
+	    return SECFailure;
 	}
-	if (i >= threadMGR->numUsed) {
-		if (i >= MAX_THREADS) {
-			/* something's really wrong here. */
-			PORT_Assert(i < MAX_THREADS);
-			PR_Unlock(threadMGR->threadLock);
-			return SECFailure;
-		}
-		++(threadMGR->numUsed);
-		PORT_Assert(threadMGR->numUsed == i + 1);
-		slot = &threadMGR->threads[i];
-	}
+	++(threadMGR->numUsed);
+	PORT_Assert(threadMGR->numUsed == i + 1);
+	slot = &threadMGR->threads[i];
+    }
 
-	slot->a = a;
-	slot->b = b;
-	slot->startFunc = startFunc;
+    slot->a = a;
+    slot->b = b;
+    slot->startFunc = startFunc;
 
-	threadMGR->index = i;
+    threadMGR->index = i;
 
-	slot->prThread = PR_CreateThread(PR_USER_THREAD,
-	                                 thread_wrapper, threadMGR,
-	                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-	                                 PR_JOINABLE_THREAD, 0);
+    slot->prThread = PR_CreateThread(PR_USER_THREAD,
+				     thread_wrapper, threadMGR,
+				     PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+				     PR_JOINABLE_THREAD, 0);
 
-	if (slot->prThread == NULL) {
-		PR_Unlock(threadMGR->threadLock);
-		printf("Failed to launch thread!\n");
-		return SECFailure;
-	} 
+    if (slot->prThread == NULL) {
+	PR_Unlock(threadMGR->threadLock);
+	printf("Failed to launch thread!\n");
+	return SECFailure;
+    } 
 
-	slot->inUse   = 1;
-	slot->running = 1;
-	++(threadMGR->numRunning);
-	PR_Unlock(threadMGR->threadLock);
+    slot->inUse   = 1;
+    slot->running = 1;
+    ++(threadMGR->numRunning);
+    PR_Unlock(threadMGR->threadLock);
 
-	return SECSuccess;
+    return SECSuccess;
 }
 
 SECStatus 
 reap_threads(GlobalThreadMgr *threadMGR)
 {
-	perThread * slot;
-	int			i;
+    perThread * slot;
+    int			i;
 
-	if (!threadMGR->threadLock)
-		return 0;
-	PR_Lock(threadMGR->threadLock);
-	while (threadMGR->numRunning > 0) {
-	    PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
-	    for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running == rs_zombie)  {
-		    /* Handle cleanup of thread here. */
+    if (!threadMGR->threadLock)
+	return SECSuccess;
+    PR_Lock(threadMGR->threadLock);
+    while (threadMGR->numRunning > 0) {
+	PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
+	for (i = 0; i < threadMGR->numUsed; ++i) {
+	    slot = &threadMGR->threads[i];
+	    if (slot->running == rs_zombie)  {
+		/* Handle cleanup of thread here. */
 
-		    /* Now make sure the thread has ended OK. */
-		    PR_JoinThread(slot->prThread);
-		    slot->running = rs_idle;
-		    --threadMGR->numRunning;
+		/* Now make sure the thread has ended OK. */
+		PR_JoinThread(slot->prThread);
+		slot->running = rs_idle;
+		--threadMGR->numRunning;
 
-		    /* notify the thread launcher. */
-		    PR_NotifyCondVar(threadMGR->threadStartQ);
-		}
+		/* notify the thread launcher. */
+		PR_NotifyCondVar(threadMGR->threadStartQ);
 	    }
 	}
+    }
 
-	/* Safety Sam sez: make sure count is right. */
-	for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running != rs_idle)  {
-			fprintf(stderr, "Thread in slot %d is in state %d!\n", 
-			                 i, slot->running);
-		}
+    /* Safety Sam sez: make sure count is right. */
+    for (i = 0; i < threadMGR->numUsed; ++i) {
+	slot = &threadMGR->threads[i];
+	if (slot->running != rs_idle)  {
+	    fprintf(stderr, "Thread in slot %d is in state %d!\n", 
+			     i, slot->running);
 	}
-	PR_Unlock(threadMGR->threadLock);
-	return 0;
+    }
+    PR_Unlock(threadMGR->threadLock);
+    return SECSuccess;
 }
 
 void
 destroy_thread_data(GlobalThreadMgr *threadMGR)
 {
-	PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
+    PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
 
-	if (threadMGR->threadEndQ) {
-		PR_DestroyCondVar(threadMGR->threadEndQ);
-		threadMGR->threadEndQ = NULL;
-	}
-	if (threadMGR->threadStartQ) {
-		PR_DestroyCondVar(threadMGR->threadStartQ);
-		threadMGR->threadStartQ = NULL;
-	}
-	if (threadMGR->threadLock) {
-		PR_DestroyLock(threadMGR->threadLock);
-		threadMGR->threadLock = NULL;
-	}
+    if (threadMGR->threadEndQ) {
+	PR_DestroyCondVar(threadMGR->threadEndQ);
+	threadMGR->threadEndQ = NULL;
+    }
+    if (threadMGR->threadStartQ) {
+	PR_DestroyCondVar(threadMGR->threadStartQ);
+	threadMGR->threadStartQ = NULL;
+    }
+    if (threadMGR->threadLock) {
+	PR_DestroyLock(threadMGR->threadLock);
+	threadMGR->threadLock = NULL;
+    }
 }
 
 /**************************************************************************
 ** End	 thread management routines.
 **************************************************************************/
 
 void 
 lockedVars_Init( lockedVars * lv)
 {
-	lv->count	= 0;
-	lv->waiters = 0;
-	lv->lock	= PR_NewLock();
-	lv->condVar = PR_NewCondVar(lv->lock);
+    lv->count	= 0;
+    lv->waiters = 0;
+    lv->lock	= PR_NewLock();
+    lv->condVar = PR_NewCondVar(lv->lock);
 }
 
 void
 lockedVars_Destroy( lockedVars * lv)
 {
-	PR_DestroyCondVar(lv->condVar);
-	lv->condVar = NULL;
+    PR_DestroyCondVar(lv->condVar);
+    lv->condVar = NULL;
 
-	PR_DestroyLock(lv->lock);
-	lv->lock = NULL;
+    PR_DestroyLock(lv->lock);
+    lv->lock = NULL;
 }
 
 void
 lockedVars_WaitForDone(lockedVars * lv)
 {
-	PR_Lock(lv->lock);
-	while (lv->count > 0) {
-		PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
-	}
-	PR_Unlock(lv->lock);
+    PR_Lock(lv->lock);
+    while (lv->count > 0) {
+	PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+    }
+    PR_Unlock(lv->lock);
 }
 
 int	/* returns count */
 lockedVars_AddToCount(lockedVars * lv, int addend)
 {
-	int rv;
+    int rv;
 
-	PR_Lock(lv->lock);
-	rv = lv->count += addend;
-	if (rv <= 0) {
+    PR_Lock(lv->lock);
+    rv = lv->count += addend;
+    if (rv <= 0) {
 	PR_NotifyCondVar(lv->condVar);
-	}
-	PR_Unlock(lv->lock);
-	return rv;
+    }
+    PR_Unlock(lv->lock);
+    return rv;
 }
 
 static char *
 bestCertName(CERTCertificate *cert) {
     if (cert->nickname) {
 	return cert->nickname;
     }
     if (cert->emailAddr) {
@@ -610,27 +609,28 @@ bestCertName(CERTCertificate *cert) {
     return cert->subjectName;
 }
 
 void
 printCertProblems(FILE *outfile, CERTCertDBHandle *handle, 
 	CERTCertificate *cert, PRBool checksig, 
 	SECCertUsage certUsage, void *pinArg)
 {
-    CERTVerifyLog log;
-    CERTVerifyLogNode *node = NULL;
-    unsigned int depth = (unsigned int)-1;
-    unsigned int flags = 0;
-    char *errstr = NULL;
+    CERTVerifyLog      log;
+    CERTVerifyLogNode *node   = NULL;
+    unsigned int       depth  = (unsigned int)-1;
+    unsigned int       flags  = 0;
+    char *             errstr = NULL;
+    PRErrorCode	       err    = PORT_GetError();
 
     log.arena = PORT_NewArena(512);
     log.head = log.tail = NULL;
     log.count = 0;
     CERT_VerifyCert(handle, cert, checksig, certUsage,
-	PR_Now(), pinArg, &log);
+	            PR_Now(), pinArg, &log);
 
     if (log.count > 0) {
 	fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
 	for (node = log.head; node; node = node->next) {
 	    if (depth != node->depth) {
 		depth = node->depth;
 		fprintf(outfile,"CERT %d. %s %s:\n", depth,
 				 bestCertName(node->cert), 
@@ -691,10 +691,10 @@ printCertProblems(FILE *outfile, CERTCer
 		break;
 	    }
 	    if (errstr) {
 		fprintf(stderr,"    %s\n",errstr);
 	    }
 	    CERT_DestroyCertificate(node->cert);
 	}    
     }
-    return ;
+    PR_SetError(err, 0); /* restore original error code */
 }