Bugzilla bug 70758: additional changes for this bug. r=nicolson.

Modified files: list.c sign.c verify.c

3 files changed, 24 insertions, 10 deletions

diff --git a/security/nss/cmd/signtool/list.c b/security/nss/cmd/signtool/list.c
index b21090c2e..83ae4d6a3 100644
--- a/security/nss/cmd/signtool/list.c
+++ b/security/nss/cmd/signtool/list.c
@@ -46,6 +46,7 @@ static SECStatus cert_trav_callback(CERTCertificate *cert, SECItem *k,
 int
 ListCerts(char *key, int list_certs)
 {
+	int failed = 0;
 	SECStatus rv;
 	char *ugly_list;
 	CERTCertDBHandle *db;
@@ -85,9 +86,19 @@ ListCerts(char *key, int list_certs)
 	rv = PK11_TraverseSlotCerts(cert_trav_callback, (void*)&list_certs,
 		NULL /*wincx*/);
 
+	if (rv) {
+		PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n");
+		return -1;
+	}
+
 	/* Traverse Internal DB */
 	rv = SEC_TraversePermCerts(db, cert_trav_callback, (void*)&list_certs);
 
+	if (rv) {
+		PR_fprintf(outputFD, "**Traverse of internal DB failed**\n");
+		return -1;
+	}
+
 	if (num_trav_certs == 0) {
 		PR_fprintf(outputFD,
 			"You don't appear to have any object signing certificates.\n");
@@ -99,10 +110,6 @@ ListCerts(char *key, int list_certs)
 		PR_fprintf(outputFD, "---------------------------------------\n");
 	}
 
-	if (rv) {
-		return -1;
-	}
-
 	if (list_certs == 1) {
 		PR_fprintf(outputFD,
 			"For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
@@ -141,6 +148,7 @@ ListCerts(char *key, int list_certs)
 			certUsageObjectSigner, PR_Now(), NULL, &errlog);
 
 			if (rv != SECSuccess) {
+				failed = 1;
 				if(errlog.count > 0) {
 					PR_fprintf(outputFD,
 						"**Certificate validation failed for the "
@@ -155,6 +163,7 @@ ListCerts(char *key, int list_certs)
 
 
 		} else {
+			failed = 1;
 			PR_fprintf(outputFD,
 				"The certificate with nickname \"%s\" was NOT FOUND\n",
 			 key);
@@ -165,7 +174,7 @@ ListCerts(char *key, int list_certs)
 		PORT_FreeArena(errlog.arena, PR_FALSE);
 	}
 
-	if (rv != SECSuccess) {
+	if (failed) {
 		return -1;
 	}
 	return 0;
diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c
index 7a974d2db..b46c2f16a 100644
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -168,6 +168,8 @@ sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
 		 (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) {
 
 		if(!infop) {
+			PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+			errorCount++;
 			retval = -1;
 			goto finish;
 		}
diff --git a/security/nss/cmd/signtool/verify.c b/security/nss/cmd/signtool/verify.c
index 6b2da2c90..fd80ef737 100644
--- a/security/nss/cmd/signtool/verify.c
+++ b/security/nss/cmd/signtool/verify.c
@@ -74,6 +74,7 @@ VerifyJar(char *filename)
 
   if (status < 0 || jar->valid < 0)
     {
+    failed = 1;
     PR_fprintf(outputFD, "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
     if (status < 0)
       {
@@ -93,7 +94,7 @@ VerifyJar(char *filename)
       /* corrupt files should not have their contents listed */ 
 
       if (status == JAR_ERR_CORRUPT)
-        return status;
+        return -1;
       }
     PR_fprintf(outputFD,
 		"entries shown below will have their digests checked only.\n"); 
@@ -140,6 +141,7 @@ VerifyJar(char *filename)
 
   if (status < 0 || jar->valid < 0)
     {
+    failed = 1;
     PR_fprintf(outputFD,
 		"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
     give_help (status);
@@ -147,10 +149,8 @@ VerifyJar(char *filename)
 
   JAR_destroy (jar);
 
-  if (status < 0)
-    return status;
-  if (jar->valid < 0 || failed)
-    return ERRX;
+  if (failed)
+    return -1;
   return 0;
 }
 
@@ -355,7 +355,10 @@ JarWho(char *filename)
         PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
       }
     else
+      {
       PR_fprintf(outputFD, "no certificate could be found\n");
+      retval = -1;
+      }
 
     prev = cert;
     }