Make indentation style self-consistent: 4 spaces per indent.

Save error code at the beginning of printCertProblems, and restore it at
the end, since CERT_VerifyCert nearly always sets the error code to
-8157 Certificate extension not found when building an error log.
Bug 172036.

1 files changed, 246 insertions, 246 deletions

diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c
index db60ec13e..0e2c26f90 100644
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -40,30 +40,30 @@
 /* Declare SSL cipher suites. */
 
 int ssl2CipherSuites[] = {
-	SSL_EN_RC4_128_WITH_MD5,              /* A */
-	SSL_EN_RC4_128_EXPORT40_WITH_MD5,     /* B */
-	SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
-	SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
-	SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
-	SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
-	0
+    SSL_EN_RC4_128_WITH_MD5,              /* A */
+    SSL_EN_RC4_128_EXPORT40_WITH_MD5,     /* B */
+    SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
+    SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
+    SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
+    SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
+    0
 };
 
 int ssl3CipherSuites[] = {
-	SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
-	SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,      /* b */
-	SSL_RSA_WITH_RC4_128_MD5,               /* c */
-	SSL_RSA_WITH_3DES_EDE_CBC_SHA,          /* d */
-	SSL_RSA_WITH_DES_CBC_SHA,               /* e */
-	SSL_RSA_EXPORT_WITH_RC4_40_MD5,         /* f */
-	SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     /* g */
-	SSL_FORTEZZA_DMS_WITH_NULL_SHA,         /* h */
-	SSL_RSA_WITH_NULL_MD5,                  /* i */
-	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     /* j */
-	SSL_RSA_FIPS_WITH_DES_CBC_SHA,          /* k */
-	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    /* l */
-	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     /* m */
-	0
+    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
+    SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,      /* b */
+    SSL_RSA_WITH_RC4_128_MD5,               /* c */
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,          /* d */
+    SSL_RSA_WITH_DES_CBC_SHA,               /* e */
+    SSL_RSA_EXPORT_WITH_RC4_40_MD5,         /* f */
+    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     /* g */
+    SSL_FORTEZZA_DMS_WITH_NULL_SHA,         /* h */
+    SSL_RSA_WITH_NULL_MD5,                  /* i */
+    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     /* j */
+    SSL_RSA_FIPS_WITH_DES_CBC_SHA,          /* k */
+    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    /* l */
+    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     /* m */
+    0
 };
 
 /**************************************************************************
@@ -82,13 +82,12 @@ int ssl3CipherSuites[] = {
 char *
 myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
 {
-	char * passwd = NULL;
+    char * passwd = NULL;
 
-	if ( (!retry) && arg ) {
-		passwd = PORT_Strdup((char *)arg);
-	}
-
-	return passwd;
+    if ( (!retry) && arg ) {
+	passwd = PORT_Strdup((char *)arg);
+    }
+    return passwd;
 }
 
 /* Function: SECStatus myAuthCertificate()
@@ -103,60 +102,60 @@ myAuthCertificate(void *arg, PRFileDesc *socket,
                   PRBool checksig, PRBool isServer) 
 {
 
-	SECCertUsage        certUsage;
-	CERTCertificate *   cert;
-	void *              pinArg;
-	char *              hostName;
-	SECStatus           secStatus;
+    SECCertUsage        certUsage;
+    CERTCertificate *   cert;
+    void *              pinArg;
+    char *              hostName;
+    SECStatus           secStatus;
 
-	if (!arg || !socket) {
-		errWarn("myAuthCertificate");
-		return SECFailure;
-	}
+    if (!arg || !socket) {
+	errWarn("myAuthCertificate");
+	return SECFailure;
+    }
 
-	/* Define how the cert is being used based upon the isServer flag. */
+    /* Define how the cert is being used based upon the isServer flag. */
 
-	certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+    certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
 
-	cert = SSL_PeerCertificate(socket);
+    cert = SSL_PeerCertificate(socket);
 	
-	pinArg = SSL_RevealPinArg(socket);
-
-	secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
-	                               cert,
-	                               checksig,
-	                               certUsage,
-	                               pinArg);
-
-	/* If this is a server, we're finished. */
-	if (isServer || secStatus != SECSuccess) {
-		printCertProblems(stderr, (CERTCertDBHandle *)arg, cert, 
-					checksig, certUsage, pinArg);
-		CERT_DestroyCertificate(cert);
-		return secStatus;
-	}
+    pinArg = SSL_RevealPinArg(socket);
+
+    secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
+				   cert,
+				   checksig,
+				   certUsage,
+				   pinArg);
+
+    /* If this is a server, we're finished. */
+    if (isServer || secStatus != SECSuccess) {
+	printCertProblems(stderr, (CERTCertDBHandle *)arg, cert, 
+			  checksig, certUsage, pinArg);
+	CERT_DestroyCertificate(cert);
+	return secStatus;
+    }
 
-	/* Certificate is OK.  Since this is the client side of an SSL
-	 * connection, we need to verify that the name field in the cert
-	 * matches the desired hostname.  This is our defense against
-	 * man-in-the-middle attacks.
-	 */
+    /* Certificate is OK.  Since this is the client side of an SSL
+     * connection, we need to verify that the name field in the cert
+     * matches the desired hostname.  This is our defense against
+     * man-in-the-middle attacks.
+     */
 
-	/* SSL_RevealURL returns a hostName, not an URL. */
-	hostName = SSL_RevealURL(socket);
+    /* SSL_RevealURL returns a hostName, not an URL. */
+    hostName = SSL_RevealURL(socket);
 
-	if (hostName && hostName[0]) {
-		secStatus = CERT_VerifyCertName(cert, hostName);
-	} else {
-		PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
-		secStatus = SECFailure;
-	}
+    if (hostName && hostName[0]) {
+	secStatus = CERT_VerifyCertName(cert, hostName);
+    } else {
+	PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
+	secStatus = SECFailure;
+    }
 
-	if (hostName)
-		PR_Free(hostName);
+    if (hostName)
+	PR_Free(hostName);
 
-	CERT_DestroyCertificate(cert);
-	return secStatus;
+    CERT_DestroyCertificate(cert);
+    return secStatus;
 }
 
 /* Function: SECStatus myBadCertHandler()
@@ -178,7 +177,7 @@ myBadCertHandler(void *arg, PRFileDesc *socket)
     /* log invalid cert here */
 
     if (!arg) {
-		return secStatus;
+	return secStatus;
     }
 
     *(PRErrorCode *)arg = err = PORT_GetError();
@@ -202,10 +201,10 @@ myBadCertHandler(void *arg, PRFileDesc *socket)
     case SEC_ERROR_CA_CERT_INVALID:
     case SEC_ERROR_CERT_USAGES_INVALID:
     case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
-		secStatus = SECSuccess;
+	secStatus = SECSuccess;
 	break;
     default:
-		secStatus = SECFailure;
+	secStatus = SECFailure;
 	break;
     }
 
@@ -236,15 +235,15 @@ myGetClientAuthData(void *arg,
     proto_win = SSL_RevealPinArg(socket);
 
     if (chosenNickName) {
-		cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
-		if (cert) {
-		    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
-		    if (privKey) {
-				secStatus = SECSuccess;
-		    } else {
-				CERT_DestroyCertificate(cert);
-		    }
-		}
+	cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+	if (cert) {
+	    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+	    if (privKey) {
+		secStatus = SECSuccess;
+	    } else {
+		CERT_DestroyCertificate(cert);
+	    }
+	}
     } else { /* no nickname given, automatically find the right cert */
 	CERTCertNicknames *names;
 	int                i;
@@ -283,8 +282,8 @@ myGetClientAuthData(void *arg,
     }
 
     if (secStatus == SECSuccess) {
-		*pRetCert = cert;
-		*pRetKey  = privKey;
+	*pRetCert = cert;
+	*pRetKey  = privKey;
     }
 
     return secStatus;
@@ -357,54 +356,54 @@ disableAllSSLCiphers(void)
 void
 errWarn(char *function)
 {
-	PRErrorCode  errorNumber = PR_GetError();
-	const char * errorString = SECU_Strerror(errorNumber);
+    PRErrorCode  errorNumber = PR_GetError();
+    const char * errorString = SECU_Strerror(errorNumber);
 
-	fprintf(stderr, "Error in function %s: %d\n - %s\n",
-			function, errorNumber, errorString);
+    fprintf(stderr, "Error in function %s: %d\n - %s\n",
+		    function, errorNumber, errorString);
 }
 
 void
 exitErr(char *function)
 {
-	errWarn(function);
-	/* Exit gracefully. */
-	NSS_Shutdown();
-	PR_Cleanup();
-	exit(1);
+    errWarn(function);
+    /* Exit gracefully. */
+    NSS_Shutdown();
+    PR_Cleanup();
+    exit(1);
 }
 
 void 
 printSecurityInfo(FILE *outfile, PRFileDesc *fd)
 {
-	char * cp;	/* bulk cipher name */
-	char * ip;	/* cert issuer DN */
-	char * sp;	/* cert subject DN */
-	int    op;	/* High, Low, Off */
-	int    kp0;	/* total key bits */
-	int    kp1;	/* secret key bits */
-	int    result;
-	SSL3Statistics * ssl3stats = SSL_GetStatistics();
-
-	if (!outfile) {
-	    outfile = stdout;
-	}
+    char * cp;	/* bulk cipher name */
+    char * ip;	/* cert issuer DN */
+    char * sp;	/* cert subject DN */
+    int    op;	/* High, Low, Off */
+    int    kp0;	/* total key bits */
+    int    kp1;	/* secret key bits */
+    int    result;
+    SSL3Statistics * ssl3stats = SSL_GetStatistics();
+
+    if (!outfile) {
+	outfile = stdout;
+    }
 
-	result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
-	if (result != SECSuccess)
-		return;
-	fprintf(outfile,
-	 "   bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
-	 "   subject DN:\n %s\n"
-	 "   issuer  DN:\n %s\n", cp, kp1, kp0, op, sp, ip);
-	PR_Free(cp);
-	PR_Free(ip);
-	PR_Free(sp);
-
-	fprintf(outfile,
-	  "   %ld cache hits; %ld cache misses, %ld cache not reusable\n",
-		ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
-	ssl3stats->hch_sid_cache_not_ok);
+    result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
+    if (result != SECSuccess)
+	return;
+    fprintf(outfile,
+     "   bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
+     "   subject DN:\n %s\n"
+     "   issuer  DN:\n %s\n", cp, kp1, kp0, op, sp, ip);
+    PR_Free(cp);
+    PR_Free(ip);
+    PR_Free(sp);
+
+    fprintf(outfile,
+      "   %ld cache hits; %ld cache misses, %ld cache not reusable\n",
+	    ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+    ssl3stats->hch_sid_cache_not_ok);
 
 }
 
@@ -416,22 +415,22 @@ printSecurityInfo(FILE *outfile, PRFileDesc *fd)
 void
 thread_wrapper(void * arg)
 {
-	GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
-	perThread *slot = &threadMGR->threads[threadMGR->index];
+    GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
+    perThread *slot = &threadMGR->threads[threadMGR->index];
 
-	/* wait for parent to finish launching us before proceeding. */
-	PR_Lock(threadMGR->threadLock);
-	PR_Unlock(threadMGR->threadLock);
+    /* wait for parent to finish launching us before proceeding. */
+    PR_Lock(threadMGR->threadLock);
+    PR_Unlock(threadMGR->threadLock);
 
-	slot->rv = (* slot->startFunc)(slot->a, slot->b);
+    slot->rv = (* slot->startFunc)(slot->a, slot->b);
 
-	PR_Lock(threadMGR->threadLock);
-	slot->running = rs_zombie;
+    PR_Lock(threadMGR->threadLock);
+    slot->running = rs_zombie;
 
-	/* notify the thread exit handler. */
-	PR_NotifyCondVar(threadMGR->threadEndQ);
+    /* notify the thread exit handler. */
+    PR_NotifyCondVar(threadMGR->threadEndQ);
 
-	PR_Unlock(threadMGR->threadLock);
+    PR_Unlock(threadMGR->threadLock);
 }
 
 SECStatus
@@ -440,116 +439,116 @@ launch_thread(GlobalThreadMgr *threadMGR,
               void            *a,
               int              b)
 {
-	perThread *slot;
-	int        i;
+    perThread *slot;
+    int        i;
 
-	if (!threadMGR->threadStartQ) {
-		threadMGR->threadLock   = PR_NewLock();
-		threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
-		threadMGR->threadEndQ   = PR_NewCondVar(threadMGR->threadLock);
-	}
-	PR_Lock(threadMGR->threadLock);
-	while (threadMGR->numRunning >= MAX_THREADS) {
-		PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
-	}
-	for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running == rs_idle) 
-			break;
-	}
-	if (i >= threadMGR->numUsed) {
-		if (i >= MAX_THREADS) {
-			/* something's really wrong here. */
-			PORT_Assert(i < MAX_THREADS);
-			PR_Unlock(threadMGR->threadLock);
-			return SECFailure;
-		}
-		++(threadMGR->numUsed);
-		PORT_Assert(threadMGR->numUsed == i + 1);
-		slot = &threadMGR->threads[i];
+    if (!threadMGR->threadStartQ) {
+	threadMGR->threadLock   = PR_NewLock();
+	threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
+	threadMGR->threadEndQ   = PR_NewCondVar(threadMGR->threadLock);
+    }
+    PR_Lock(threadMGR->threadLock);
+    while (threadMGR->numRunning >= MAX_THREADS) {
+	PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
+    }
+    for (i = 0; i < threadMGR->numUsed; ++i) {
+	slot = &threadMGR->threads[i];
+	if (slot->running == rs_idle) 
+	    break;
+    }
+    if (i >= threadMGR->numUsed) {
+	if (i >= MAX_THREADS) {
+	    /* something's really wrong here. */
+	    PORT_Assert(i < MAX_THREADS);
+	    PR_Unlock(threadMGR->threadLock);
+	    return SECFailure;
 	}
+	++(threadMGR->numUsed);
+	PORT_Assert(threadMGR->numUsed == i + 1);
+	slot = &threadMGR->threads[i];
+    }
 
-	slot->a = a;
-	slot->b = b;
-	slot->startFunc = startFunc;
-
-	threadMGR->index = i;
+    slot->a = a;
+    slot->b = b;
+    slot->startFunc = startFunc;
 
-	slot->prThread = PR_CreateThread(PR_USER_THREAD,
-	                                 thread_wrapper, threadMGR,
-	                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-	                                 PR_JOINABLE_THREAD, 0);
+    threadMGR->index = i;
 
-	if (slot->prThread == NULL) {
-		PR_Unlock(threadMGR->threadLock);
-		printf("Failed to launch thread!\n");
-		return SECFailure;
-	} 
+    slot->prThread = PR_CreateThread(PR_USER_THREAD,
+				     thread_wrapper, threadMGR,
+				     PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+				     PR_JOINABLE_THREAD, 0);
 
-	slot->inUse   = 1;
-	slot->running = 1;
-	++(threadMGR->numRunning);
+    if (slot->prThread == NULL) {
 	PR_Unlock(threadMGR->threadLock);
+	printf("Failed to launch thread!\n");
+	return SECFailure;
+    } 
 
-	return SECSuccess;
+    slot->inUse   = 1;
+    slot->running = 1;
+    ++(threadMGR->numRunning);
+    PR_Unlock(threadMGR->threadLock);
+
+    return SECSuccess;
 }
 
 SECStatus 
 reap_threads(GlobalThreadMgr *threadMGR)
 {
-	perThread * slot;
-	int			i;
-
-	if (!threadMGR->threadLock)
-		return 0;
-	PR_Lock(threadMGR->threadLock);
-	while (threadMGR->numRunning > 0) {
-	    PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
-	    for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running == rs_zombie)  {
-		    /* Handle cleanup of thread here. */
-
-		    /* Now make sure the thread has ended OK. */
-		    PR_JoinThread(slot->prThread);
-		    slot->running = rs_idle;
-		    --threadMGR->numRunning;
-
-		    /* notify the thread launcher. */
-		    PR_NotifyCondVar(threadMGR->threadStartQ);
-		}
+    perThread * slot;
+    int			i;
+
+    if (!threadMGR->threadLock)
+	return SECSuccess;
+    PR_Lock(threadMGR->threadLock);
+    while (threadMGR->numRunning > 0) {
+	PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
+	for (i = 0; i < threadMGR->numUsed; ++i) {
+	    slot = &threadMGR->threads[i];
+	    if (slot->running == rs_zombie)  {
+		/* Handle cleanup of thread here. */
+
+		/* Now make sure the thread has ended OK. */
+		PR_JoinThread(slot->prThread);
+		slot->running = rs_idle;
+		--threadMGR->numRunning;
+
+		/* notify the thread launcher. */
+		PR_NotifyCondVar(threadMGR->threadStartQ);
 	    }
 	}
+    }
 
-	/* Safety Sam sez: make sure count is right. */
-	for (i = 0; i < threadMGR->numUsed; ++i) {
-		slot = &threadMGR->threads[i];
-		if (slot->running != rs_idle)  {
-			fprintf(stderr, "Thread in slot %d is in state %d!\n", 
-			                 i, slot->running);
-		}
+    /* Safety Sam sez: make sure count is right. */
+    for (i = 0; i < threadMGR->numUsed; ++i) {
+	slot = &threadMGR->threads[i];
+	if (slot->running != rs_idle)  {
+	    fprintf(stderr, "Thread in slot %d is in state %d!\n", 
+			     i, slot->running);
 	}
-	PR_Unlock(threadMGR->threadLock);
-	return 0;
+    }
+    PR_Unlock(threadMGR->threadLock);
+    return SECSuccess;
 }
 
 void
 destroy_thread_data(GlobalThreadMgr *threadMGR)
 {
-	PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
+    PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
 
-	if (threadMGR->threadEndQ) {
-		PR_DestroyCondVar(threadMGR->threadEndQ);
-		threadMGR->threadEndQ = NULL;
-	}
-	if (threadMGR->threadStartQ) {
-		PR_DestroyCondVar(threadMGR->threadStartQ);
-		threadMGR->threadStartQ = NULL;
-	}
-	if (threadMGR->threadLock) {
-		PR_DestroyLock(threadMGR->threadLock);
-		threadMGR->threadLock = NULL;
-	}
+    if (threadMGR->threadEndQ) {
+	PR_DestroyCondVar(threadMGR->threadEndQ);
+	threadMGR->threadEndQ = NULL;
+    }
+    if (threadMGR->threadStartQ) {
+	PR_DestroyCondVar(threadMGR->threadStartQ);
+	threadMGR->threadStartQ = NULL;
+    }
+    if (threadMGR->threadLock) {
+	PR_DestroyLock(threadMGR->threadLock);
+	threadMGR->threadLock = NULL;
+    }
 }
 
 /**************************************************************************
@@ -559,44 +558,44 @@ destroy_thread_data(GlobalThreadMgr *threadMGR)
 void 
 lockedVars_Init( lockedVars * lv)
 {
-	lv->count	= 0;
-	lv->waiters = 0;
-	lv->lock	= PR_NewLock();
-	lv->condVar = PR_NewCondVar(lv->lock);
+    lv->count	= 0;
+    lv->waiters = 0;
+    lv->lock	= PR_NewLock();
+    lv->condVar = PR_NewCondVar(lv->lock);
 }
 
 void
 lockedVars_Destroy( lockedVars * lv)
 {
-	PR_DestroyCondVar(lv->condVar);
-	lv->condVar = NULL;
+    PR_DestroyCondVar(lv->condVar);
+    lv->condVar = NULL;
 
-	PR_DestroyLock(lv->lock);
-	lv->lock = NULL;
+    PR_DestroyLock(lv->lock);
+    lv->lock = NULL;
 }
 
 void
 lockedVars_WaitForDone(lockedVars * lv)
 {
-	PR_Lock(lv->lock);
-	while (lv->count > 0) {
-		PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
-	}
-	PR_Unlock(lv->lock);
+    PR_Lock(lv->lock);
+    while (lv->count > 0) {
+	PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+    }
+    PR_Unlock(lv->lock);
 }
 
 int	/* returns count */
 lockedVars_AddToCount(lockedVars * lv, int addend)
 {
-	int rv;
+    int rv;
 
-	PR_Lock(lv->lock);
-	rv = lv->count += addend;
-	if (rv <= 0) {
+    PR_Lock(lv->lock);
+    rv = lv->count += addend;
+    if (rv <= 0) {
 	PR_NotifyCondVar(lv->condVar);
-	}
-	PR_Unlock(lv->lock);
-	return rv;
+    }
+    PR_Unlock(lv->lock);
+    return rv;
 }
 
 static char *
@@ -615,17 +614,18 @@ printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
 	CERTCertificate *cert, PRBool checksig, 
 	SECCertUsage certUsage, void *pinArg)
 {
-    CERTVerifyLog log;
-    CERTVerifyLogNode *node = NULL;
-    unsigned int depth = (unsigned int)-1;
-    unsigned int flags = 0;
-    char *errstr = NULL;
+    CERTVerifyLog      log;
+    CERTVerifyLogNode *node   = NULL;
+    unsigned int       depth  = (unsigned int)-1;
+    unsigned int       flags  = 0;
+    char *             errstr = NULL;
+    PRErrorCode	       err    = PORT_GetError();
 
     log.arena = PORT_NewArena(512);
     log.head = log.tail = NULL;
     log.count = 0;
     CERT_VerifyCert(handle, cert, checksig, certUsage,
-	PR_Now(), pinArg, &log);
+	            PR_Now(), pinArg, &log);
 
     if (log.count > 0) {
 	fprintf(outfile,"PROBLEM WITH THE CERT CHAIN:\n");
@@ -696,5 +696,5 @@ printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
 	    CERT_DestroyCertificate(node->cert);
 	}    
     }
-    return ;
+    PR_SetError(err, 0); /* restore original error code */
 }