Mail archive
alpine-aports

[alpine-aports] [PATCH] main/gnutls: security upgrade to 3.4.15 (GNUTLS-SA-2016-3)

From: Daniel Sabogal <dsabogalcc_at_gmail.com>
Date: Sun, 11 Sep 2016 15:38:03 -0400

Remove unused patches
---
 main/gnutls/APKBUILD                  |   32 +-
 main/gnutls/avoid-using-error_h.patch | 3170 ---------------------------------
 main/gnutls/libgmp.patch              |   11 -
 3 files changed, 11 insertions(+), 3202 deletions(-)
 delete mode 100644 main/gnutls/avoid-using-error_h.patch
 delete mode 100644 main/gnutls/libgmp.patch
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index e622a4e..9e65409 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
_at_@ -2,16 +2,15 @@
 # Contributor: Michael Mason <ms13sp_at_gmail.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=gnutls
-pkgver=3.4.14
-pkgrel=1
+pkgver=3.4.15
+pkgrel=0
 pkgdesc="A TLS protocol implementation"
 url="http://www.gnutls.org/"
 arch="all"
 license="GPL"
-depends=
+depends=""
 depends_dev="nettle-dev zlib-dev libtasn1-dev p11-kit-dev"
 makedepends="$depends_dev texinfo"
-install=
 subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils $pkgname-c++:xx"
 _v=${pkgver%.*}
 case $pkgver in
_at_@ -20,19 +19,10 @@ esac
 source="ftp://ftp.gnutls.org/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz
 	"
 
-_builddir="$srcdir/$pkgname-$pkgver"
-
-prepare() {
-	cd "$_builddir"
-	for i in $source; do
-		case $i in
-		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
-		esac
-	done
-}
+builddir="$srcdir/$pkgname-$pkgver"
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	LIBS="-lgmp" ./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
_at_@ -46,12 +36,12 @@ build() {
 		--disable-guile \
 		--disable-valgrind-tests \
 		|| return 1
-	make
+	make || return 1
 }
 
 package() {
-	cd "$_builddir"
-	make -j1 DESTDIR="$pkgdir" install
+	make -j1 DESTDIR="$pkgdir" \
+		-C "$builddir" install
 }
 
 utils() {
_at_@ -66,6 +56,6 @@ xx() {
 	mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
 }
 
-md5sums="ad3e269a6793424d5d21c9626e1c9ef1  gnutls-3.4.14.tar.xz"
-sha256sums="35deddf2779b76ac11057de38bf380b8066c05de21b94263ad5b6dfa75dfbb23  gnutls-3.4.14.tar.xz"
-sha512sums="d75f6b4dea2dc742cd7f60ee0ee540d41b69991aaa937ca0138cfdf4a1e0dfaaa3863464303bfa5799e14ee02de252f71c59a7a9e57b96ff8af653e419edfd4e  gnutls-3.4.14.tar.xz"
+md5sums="4ea5b239bd8bf1b734dda02997b36459  gnutls-3.4.15.tar.xz"
+sha256sums="eb2a013905f5f2a0cbf7bcc1d20c85a50065063ee87bd33b496c4e19815e3498  gnutls-3.4.15.tar.xz"
+sha512sums="03157f2da22890ecd080ad58144a9aabe933382c0b7e969b7b194a0248bb5e6e25207078c0a92755650d0004970eb1c0cf0140dbdbf2e615808f9978e965a5e5  gnutls-3.4.15.tar.xz"
diff --git a/main/gnutls/avoid-using-error_h.patch b/main/gnutls/avoid-using-error_h.patch
deleted file mode 100644
index b9e0c49..0000000
--- a/main/gnutls/avoid-using-error_h.patch
+++ /dev/null
_at_@ -1,3170 +0,0 @@
-From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav_at_gnutls.org>
-Date: Mon, 2 Sep 2013 13:47:18 +0300
-Subject: [PATCH] Avoid using gnulib's error()
-
----
- src/certtool-common.c |  180 +++++++++---
- src/certtool-extras.c |   21 +-
- src/certtool.c        |  763 +++++++++++++++++++++++++++++++++++++++----------
- src/danetool.c        |   97 +++++--
- src/ocsptool-common.c |   48 +++-
- src/ocsptool.c        |  171 +++++++++---
- src/p11tool.c         |   16 +-
- src/pkcs11.c          |    1 -
- src/serv.c            |    2 +
- src/tpmtool.c         |   41 ++-
- 10 files changed, 1055 insertions(+), 285 deletions(-)
-
-diff --git a/src/certtool-common.c b/src/certtool-common.c
-index cca7c49..1799250 100644
---- a/src/certtool-common.c
-+++ b/src/certtool-common.c
-_at_@ -37,7 +37,6 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <error.h>
- #include <common.h>
- #include "certtool-common.h"
- #include "certtool-args.h"
-_at_@ -86,7 +85,10 @@ load_secret_key (int mand, common_info_st * info)
-   if (info->secret_key == NULL)
-     {
-       if (mand)
--        error (EXIT_FAILURE, 0, "missing --secret-key");
-+        {
-+          fprintf (stderr, "missing --secret-key");
-+          exit(1);
-+        }
-       else
-         return NULL;
-     }
-_at_@ -96,7 +98,10 @@ load_secret_key (int mand, common_info_st * info)
- 
-   ret = gnutls_hex_decode (&hex_key, raw_key, &raw_key_size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "hex_decode: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   key.data = (void*)raw_key;
-   key.size = raw_key_size;
-_at_@ -135,7 +140,10 @@ const char* pass;
- 
-   ret = gnutls_privkey_init (&key);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_privkey_import_x509_raw (key, dat, info->incert_format, NULL, 0);
-   if (ret == GNUTLS_E_DECRYPTION_FAILED)
-_at_@ -146,14 +154,18 @@ const char* pass;
- 
-   if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-     {
--      error (EXIT_FAILURE, 0,
-+      fprintf (stderr,
-              "import error: could not find a valid PEM header; "
-              "check if your key is PKCS #12 encoded");
-+      exit(1);
-     }
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
-+    {
-+      fprintf (stderr, "importing --load-privkey: %s: %s",
-            info->privkey, gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return key;
- }
-_at_@ -165,12 +177,18 @@ gnutls_privkey_t key;
- 
-   ret = gnutls_privkey_init (&key);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_privkey_import_url(key, url, 0);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing key: %s: %s",
-+    {
-+      fprintf (stderr, "importing key: %s: %s",
-            url, gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return key;
- }
-_at_@ -214,7 +232,10 @@ load_private_key (int mand, common_info_st * info)
-     return NULL;
- 
-   if (info->privkey == NULL)
--    error (EXIT_FAILURE, 0, "missing --load-privkey");
-+    {
-+      fprintf (stderr, "missing --load-privkey");
-+      exit(1);
-+    }
- 
-   if (gnutls_url_is_supported(info->privkey) != 0)
-     return _load_url_privkey(info->privkey);
-_at_@ -223,7 +244,10 @@ load_private_key (int mand, common_info_st * info)
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
-+    {
-+      fprintf (stderr, "reading --load-privkey: %s", info->privkey);
-+      exit(1);
-+    }
- 
-   key = _load_privkey(&dat, info);
- 
-_at_@ -249,17 +273,26 @@ load_x509_private_key (int mand, common_info_st * info)
-     return NULL;
- 
-   if (info->privkey == NULL)
--    error (EXIT_FAILURE, 0, "missing --load-privkey");
-+    {
-+      fprintf (stderr, "missing --load-privkey");
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_privkey_init (&key);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   dat.data = (void*)read_binary_file (info->privkey, &size);
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
-+    {
-+      fprintf (stderr, "reading --load-privkey: %s", info->privkey);
-+      exit(1);
-+    }
- 
-   if (info->pkcs8)
-     {
-_at_@ -282,14 +315,18 @@ load_x509_private_key (int mand, common_info_st * info)
- 
-   if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-     {
--      error (EXIT_FAILURE, 0,
-+      fprintf (stderr,
-              "import error: could not find a valid PEM header; "
--             "check if your key is PKCS #12 encoded");
-+             "check if your key is PEM encoded");
-+      exit(1);
-     }
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
-+    {
-+      fprintf( stderr, "importing --load-privkey: %s: %s",
-            info->privkey, gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return key;
- }
-_at_@ -332,14 +369,20 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info)
-   if (info->cert == NULL)
-     {
-       if (mand)
--        error (EXIT_FAILURE, 0, "missing --load-certificate");
-+        {
-+          fprintf (stderr, "missing --load-certificate");
-+          exit(1);
-+        }
-       else
-         return NULL;
-     }
- 
-   fd = fopen (info->cert, "r");
-   if (fd == NULL)
--    error (EXIT_FAILURE, errno, "%s", info->cert);
-+    {
-+      fprintf (stderr, "%s", info->cert);
-+      exit(1);
-+    }
- 
-   size = fread (buffer, 1, sizeof (buffer) - 1, fd);
-   buffer[size] = 0;
-_at_@ -353,7 +396,10 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info)
-     {
-       ret = gnutls_x509_crt_init (&crt[i]);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       dat.data = (void*)ptr;
-       dat.size = ptr_size;
-_at_@ -362,7 +408,10 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info)
-       if (ret < 0 && *crt_size > 0)
-         break;
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "crt_import: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       ptr = strstr (ptr, "---END");
-       if (ptr == NULL)
-_at_@ -399,26 +448,35 @@ load_request (common_info_st * info)
- 
-   ret = gnutls_x509_crq_init (&crq);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   dat.data = (void*)read_binary_file (info->request, &size);
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-request: %s", info->request);
-+    {
-+      fprintf (stderr, "reading --load-request: %s", info->request);
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crq_import (crq, &dat, info->incert_format);
-   if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-     {
--      error (EXIT_FAILURE, 0,
-+      fprintf(stderr, 
-              "import error: could not find a valid PEM header");
-+      exit(1);
-     }
- 
-   free (dat.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
--           info->request, gnutls_strerror (ret));
--
-+    {
-+      fprintf(stderr, "importing --load-request: %s: %s",
-+             info->request, gnutls_strerror (ret));
-+      exit(1);
-+    }
-   return crq;
- }
- 
-_at_@ -432,7 +490,10 @@ load_ca_private_key (common_info_st * info)
-   size_t size;
- 
-   if (info->ca_privkey == NULL)
--    error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
-+    {
-+      fprintf(stderr, "missing --load-ca-privkey");
-+      exit(1);
-+    }
- 
-   if (gnutls_url_is_supported(info->ca_privkey) != 0)
-     return _load_url_privkey(info->ca_privkey);
-_at_@ -441,8 +502,11 @@ load_ca_private_key (common_info_st * info)
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
-+    {
-+      fprintf (stderr, "reading --load-ca-privkey: %s",
-            info->ca_privkey);
-+      exit(1);
-+    }
- 
-   key = _load_privkey(&dat, info);
- 
-_at_@ -462,24 +526,36 @@ load_ca_cert (common_info_st * info)
-   size_t size;
- 
-   if (info->ca == NULL)
--    error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
-+    {
-+      fprintf(stderr, "missing --load-ca-certificate");
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crt_init (&crt);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   dat.data = (void*)read_binary_file (info->ca, &size);
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s",
-+    {
-+      fprintf( stderr, "reading --load-ca-certificate: %s",
-            info->ca);
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
-   free (dat.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
--           info->ca, gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "importing --load-ca-certificate: %s: %s",
-+             info->ca, gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return crt;
- }
-_at_@ -499,20 +575,29 @@ load_pubkey (int mand, common_info_st * info)
-     return NULL;
- 
-   if (info->pubkey == NULL)
--    error (EXIT_FAILURE, 0, "missing --load-pubkey");
-+    {
-+      fprintf(stderr, "missing --load-pubkey");
-+      exit(1);
-+    }
- 
-   if (gnutls_url_is_supported(info->pubkey) != 0)
-     return _load_url_pubkey(info->pubkey);
- 
-   ret = gnutls_pubkey_init (&key);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   dat.data = (void*)read_binary_file (info->pubkey, &size);
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info->pubkey);
-+    {
-+      fprintf( stderr, "reading --load-pubkey: %s", info->pubkey);
-+      exit(1);
-+    }
- 
-   ret = gnutls_pubkey_import (key, &dat, info->incert_format);
- 
-_at_@ -520,14 +605,18 @@ load_pubkey (int mand, common_info_st * info)
- 
-   if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
-     {
--      error (EXIT_FAILURE, 0,
-+      fprintf(stderr, 
-              "import error: could not find a valid PEM header; "
-              "check if your key has the PUBLIC KEY header");
-+      exit(1);
-     }
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
-+    {
-+      fprintf(stderr, "importing --load-pubkey: %s: %s",
-            info->pubkey, gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return key;
- }
-_at_@ -539,8 +628,11 @@ int ret;
- 
-   ret = gnutls_pubkey_init(&pubkey);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_pubkey_init: %s",
-+    {
-+      fprintf(stderr, "gnutls_pubkey_init: %s",
-            gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (!privkey || (ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0)) < 0)
-     { /* could not get (e.g. on PKCS #11 */
-_at_@ -747,7 +839,10 @@ size_t size;
- 
-   ret = gnutls_pubkey_print(pubkey, format, &data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "pubkey_print error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "pubkey_print error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fprintf (outfile, "%s\n", data.data);
-   gnutls_free (data.data);
-_at_@ -755,7 +850,10 @@ size_t size;
-   size = buffer_size;
-   ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fprintf (outfile, "\n%s\n", buffer);
- }
-diff --git a/src/certtool-extras.c b/src/certtool-extras.c
-index 1422188..ee89434 100644
---- a/src/certtool-extras.c
-+++ b/src/certtool-extras.c
-_at_@ -38,7 +38,6 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <error.h>
- #include "certtool-common.h"
- #include "certtool-cfg.h"
- 
-_at_@ -64,14 +63,20 @@ load_privkey_list (int mand, size_t * privkey_size, common_info_st * info)
-   if (info->privkey == NULL)
-     {
-       if (mand)
--        error (EXIT_FAILURE, 0, "missing --load-privkey");
-+        {
-+          fprintf( stderr, "missing --load-privkey");
-+          exit(1);
-+        }
-       else
-         return NULL;
-     }
- 
-   ret = gnutls_load_file(info->privkey, &file_data);
-   if (ret < 0)
--    error (EXIT_FAILURE, errno, "%s", info->privkey);
-+    {
-+      fprintf (stderr, "%s", info->privkey);
-+      exit(1);
-+    }
- 
-   ptr = (void*)file_data.data;
-   ptr_size = file_data.size;
-_at_@ -80,7 +85,10 @@ load_privkey_list (int mand, size_t * privkey_size, common_info_st * info)
-     {
-       ret = gnutls_x509_privkey_init (&key[i]);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-+        {
-+          fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       dat.data = (void*)ptr;
-       dat.size = ptr_size;
-_at_@ -95,7 +103,10 @@ load_privkey_list (int mand, size_t * privkey_size, common_info_st * info)
-       if (ret < 0 && *privkey_size > 0)
-         break;
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "privkey_import: %s", gnutls_strerror (ret));
-+        {
-+          fprintf( stderr, "privkey_import: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       (*privkey_size)++;
- 
-diff --git a/src/certtool.c b/src/certtool.c
-index 2a1a668..0ea52e8 100644
---- a/src/certtool.c
-+++ b/src/certtool.c
-_at_@ -38,7 +38,6 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <error.h>
- 
- /* Gnulib portability files. */
- #include <read-file.h>
-_at_@ -109,7 +108,10 @@ generate_private_key_int (common_info_st * cinfo)
- 
-   ret = gnutls_x509_privkey_init (&key);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   bits = get_bits (key_type, cinfo->bits, cinfo->sec_param, 1);
- 
-_at_@ -122,11 +124,17 @@ generate_private_key_int (common_info_st * cinfo)
- 
-   ret = gnutls_x509_privkey_generate (key, key_type, bits, 0);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "privkey_generate: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_privkey_verify_params (key);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "privkey_verify_params: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "privkey_verify_params: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return key;
- }
-_at_@ -167,8 +175,8 @@ cipher_to_flags (const char *cipher)
-       return GNUTLS_PKCS_USE_PKCS12_RC2_40;
-     }
- 
--  error (EXIT_FAILURE, 0, "unknown cipher %s\n", cipher);
--  return -1;
-+  fprintf(stderr, "unknown cipher %s\n", cipher);
-+  exit(1);
- }
- 
- 
-_at_@ -190,7 +198,10 @@ print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
-       ret = gnutls_x509_privkey_export (key, outcert_format,
-                                         buffer, &size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "privkey_export: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "privkey_export: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
-     }
-   else
-     {
-_at_@ -205,8 +216,11 @@ print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
-         gnutls_x509_privkey_export_pkcs8 (key, outcert_format, pass,
-                                           flags, buffer, &size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "privkey_export_pkcs8: %s",
-+        {
-+          fprintf(stderr, "privkey_export_pkcs8: %s",
-                gnutls_strerror (ret));
-+          exit(1);
-+        }
-     }
- 
-   fwrite (buffer, 1, size, outfile);
-_at_@ -244,7 +258,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
- 
-   ret = gnutls_x509_crt_init (&crt);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   crq = load_request (cinfo);
- 
-_at_@ -266,8 +283,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-         {
-           result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "set_proxy_dn: %s",
-+            {
-+              fprintf(stderr, "set_proxy_dn: %s",
-                    gnutls_strerror (result));
-+              exit(1);
-+            }
- 
-           get_dn_crt_set (crt);
-           get_cn_crt_set (crt);
-_at_@ -297,13 +317,19 @@ generate_certificate (gnutls_privkey_t * ret_key,
- 
-       result = gnutls_x509_crt_set_pubkey (crt, pubkey);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "set_key: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
-     }
-   else
-     {
-       result = gnutls_x509_crt_set_crq (crt, crq);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "set_crq: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
-     }
- 
- 
-_at_@ -319,7 +345,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
- 
-     result = gnutls_x509_crt_set_serial (crt, bin_serial, 5);
-     if (result < 0)
--      error (EXIT_FAILURE, 0, "serial: %s", gnutls_strerror (result));
-+      {
-+        fprintf(stderr, "serial: %s", gnutls_strerror (result));
-+        exit(1);
-+      }
-   }
- 
-   if (!batch)
-_at_@ -339,7 +368,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
-   result =
-     gnutls_x509_crt_set_expiration_time (crt, secs);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "set_expiration: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "set_expiration: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   if (!batch)
-     fprintf (stderr, "\n\nExtensions.\n");
-_at_@ -349,7 +381,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
-     {
-       result = gnutls_x509_crt_set_crq_extensions (crt, crq);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "set_crq: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
-     }
- 
-   /* append additional extensions */
-_at_@ -375,8 +410,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-             gnutls_x509_crt_set_proxy (crt, proxypathlen, policylanguage,
-                                        policy, policylen);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "set_proxy: %s",
-+            {
-+              fprintf(stderr, "set_proxy: %s",
-                    gnutls_strerror (result));
-+              exit(1);
-+            }
-         }
- 
-       if (!proxy)
-_at_@ -389,8 +427,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-       result =
-         gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "basic_constraints: %s",
-+        {
-+          fprintf(stderr, "basic_constraints: %s",
-                gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       client = get_tls_client_status ();
-       if (client != 0)
-_at_@ -399,7 +440,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
-                                                         GNUTLS_KP_TLS_WWW_CLIENT,
-                                                         0);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result));
-+            {
-+              fprintf(stderr, "key_kp: %s", gnutls_strerror (result));
-+              exit(1);
-+            }
-         }
- 
-       is_ike = get_ipsec_ike_status ();
-_at_@ -418,7 +462,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
-             gnutls_x509_crt_set_key_purpose_oid (crt,
-                                                  GNUTLS_KP_TLS_WWW_SERVER, 0);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result));
-+            {
-+              fprintf(stderr, "key_kp: %s", gnutls_strerror (result));
-+              exit(1);
-+            }
-         }
-       else if (!proxy)
-         {
-_at_@ -451,8 +498,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-                 gnutls_x509_crt_set_key_purpose_oid (crt,
-                                                      GNUTLS_KP_IPSEC_IKE, 0);
-               if (result < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s",
-+                {
-+                  fprintf(stderr, "key_kp: %s",
-                        gnutls_strerror (result));
-+                  exit(1);
-+                }
-             }
-         }
- 
-_at_@ -475,8 +525,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-                                                      GNUTLS_KP_CODE_SIGNING,
-                                                      0);
-               if (result < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s",
-+                {
-+                  fprintf(stderr, "key_kp: %s",
-                        gnutls_strerror (result));
-+                  exit(1);
-+                }
-             }
- 
-           result = get_ocsp_sign_status ();
-_at_@ -487,8 +540,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-                                                      GNUTLS_KP_OCSP_SIGNING,
-                                                      0);
-               if (result < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s",
-+                {
-+                  fprintf(stderr, "key_kp: %s",
-                        gnutls_strerror (result));
-+                  exit(1);
-+                }
-             }
- 
-           result = get_time_stamp_status ();
-_at_@ -499,8 +555,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-                                                      GNUTLS_KP_TIME_STAMPING,
-                                                      0);
-               if (result < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s",
-+                {
-+                  fprintf(stderr, "key_kp: %s",
-                        gnutls_strerror (result));
-+                  exit(1);
-+                }
-             }
-         }
-       get_ocsp_issuer_set(crt);
-_at_@ -515,8 +574,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-             usage |= GNUTLS_KEY_NON_REPUDIATION;
-           result = gnutls_x509_crt_set_key_usage (crt, usage);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "key_usage: %s",
-+            {
-+              fprintf(stderr, "key_usage: %s",
-                    gnutls_strerror (result));
-+              exit(1);
-+            }
-         }
- 
-       /* Subject Key ID.
-_at_@ -527,8 +589,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-         {
-           result = gnutls_x509_crt_set_subject_key_id (crt, buffer, size);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "set_subject_key_id: %s",
-+            {
-+              fprintf(stderr, "set_subject_key_id: %s",
-                    gnutls_strerror (result));
-+              exit(1);
-+            }
-         }
- 
-       /* Authority Key ID.
-_at_@ -548,8 +613,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
-               result =
-                 gnutls_x509_crt_set_authority_key_id (crt, buffer, size);
-               if (result < 0)
--                error (EXIT_FAILURE, 0, "set_authority_key_id: %s",
-+                {
-+                  fprintf(stderr, "set_authority_key_id: %s",
-                        gnutls_strerror (result));
-+                  exit(1);
-+                }
-             }
-         }
-     }
-_at_@ -562,7 +630,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
-     vers = 3;
-   result = gnutls_x509_crt_set_version (crt, vers);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "set_version: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "set_version: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   *ret_key = key;
-   return crt;
-_at_@ -581,7 +652,10 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
- 
-   result = gnutls_x509_crl_init (&crl);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crl_init: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   crts = load_cert_list (0, &size, cinfo);
- 
-_at_@ -589,23 +663,35 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
-     {
-       result = gnutls_x509_crl_set_crt (crl, crts[i], now);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "crl_set_crt: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "crl_set_crt: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
-     }
- 
-   result = gnutls_x509_crl_set_this_update (crl, now);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "this_update: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "this_update: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   fprintf (stderr, "Update times.\n");
-   days = get_crl_next_update ();
- 
-   result = gnutls_x509_crl_set_next_update (crl, now + days * 24 * 60 * 60);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "next_update: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "next_update: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   result = gnutls_x509_crl_set_version (crl, 2);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "set_version: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "set_version: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   /* Authority Key ID.
-    */
-_at_@ -623,8 +709,12 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
-         {
-           result = gnutls_x509_crl_set_authority_key_id (crl, buffer, size);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "set_authority_key_id: %s",
-+            {
-+              fprintf(stderr, "set_authority_key_id: %s",
-                    gnutls_strerror (result));
-+              exit(1);
-+            }
-+
-         }
-     }
- 
-_at_@ -640,7 +730,10 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
- 
-     result = gnutls_x509_crl_set_number (crl, bin_number, 5);
-     if (result < 0)
--      error (EXIT_FAILURE, 0, "set_number: %s", gnutls_strerror (result));
-+      {
-+        fprintf(stderr, "set_number: %s", gnutls_strerror (result));
-+        exit(1);
-+      }
-   }
- 
-   return crl;
-_at_@ -656,8 +749,11 @@ get_dig_for_pub (gnutls_pubkey_t pubkey)
-   result = gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &dig, &mand);
-   if (result < 0)
-     {
--      error (EXIT_FAILURE, 0, "crt_get_preferred_hash_algorithm: %s",
-+      {
-+        fprintf(stderr, "crt_get_preferred_hash_algorithm: %s",
-              gnutls_strerror (result));
-+        exit(1);
-+      }
-     }
- 
-   /* if algorithm allows alternatives */
-_at_@ -679,8 +775,11 @@ get_dig (gnutls_x509_crt_t crt)
-   result = gnutls_pubkey_import_x509(pubkey, crt, 0);
-   if (result < 0)
-     {
--      error (EXIT_FAILURE, 0, "gnutls_pubkey_import_x509: %s",
-+      {
-+        fprintf(stderr, "gnutls_pubkey_import_x509: %s",
-              gnutls_strerror (result));
-+        exit(1);
-+      }
-     }
- 
-   dig = get_dig_for_pub (pubkey);
-_at_@ -713,8 +812,11 @@ generate_self_signed (common_info_st * cinfo)
-                                                     uri,
-                                                     0 /* all reasons */ );
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "crl_dist_points: %s",
-+        {
-+          fprintf(stderr, "crl_dist_points: %s",
-                gnutls_strerror (result));
-+          exit(1);
-+        }
-     }
- 
-   print_certificate_info (crt, stderr, 0);
-_at_@ -723,12 +825,18 @@ generate_self_signed (common_info_st * cinfo)
- 
-   result = gnutls_x509_crt_privkey_sign (crt, crt, key, get_dig (crt), 0);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   size = buffer_size;
-   result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- 
-_at_@ -765,12 +873,18 @@ generate_signed_certificate (common_info_st * cinfo)
- 
-   result = gnutls_x509_crt_privkey_sign (crt, ca_crt, ca_key, get_dig (ca_crt), 0);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   size = buffer_size;
-   result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- 
-_at_@ -800,12 +914,18 @@ generate_proxy_certificate (common_info_st * cinfo)
- 
-   result = gnutls_x509_crt_privkey_sign (crt, eecrt, eekey, get_dig (eecrt), 0);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   size = buffer_size;
-   result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- 
-_at_@ -832,7 +952,10 @@ generate_signed_crl (common_info_st * cinfo)
-   fprintf (stderr, "\n");
-   result = gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key, get_dig (ca_crt), 0);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crl_privkey_sign: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crl_privkey_sign: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   print_crl_info (crl, stderr);
- 
-_at_@ -865,18 +988,27 @@ update_signed_certificate (common_info_st * cinfo)
-   result =
-     gnutls_x509_crt_set_expiration_time (crt, tim + ((time_t) days) * 24 * 60 * 60);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "set_expiration: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "set_expiration: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   fprintf (stderr, "\n\nSigning certificate...\n");
- 
-   result = gnutls_x509_crt_privkey_sign (crt, ca_crt, ca_key, get_dig (ca_crt), 0);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_sign: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_sign: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   size = buffer_size;
-   result = gnutls_x509_crt_export (crt, outcert_format, buffer, &size);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "crt_export: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "crt_export: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- 
-_at_@ -902,7 +1034,10 @@ cmd_parser (int argc, char **argv)
-     {
-       outfile = safe_open_rw (OPT_ARG(OUTFILE), privkey_op);
-       if (outfile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
-+        {
-+          fprintf(stderr, "%s", OPT_ARG(OUTFILE));
-+          exit(1);
-+        }
-     }
-   else
-     outfile = stdout;
-_at_@ -911,7 +1046,10 @@ cmd_parser (int argc, char **argv)
-     {
-       infile = fopen (OPT_ARG(INFILE), "rb");
-       if (infile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
-+        {
-+          fprintf(stderr, "%s", OPT_ARG(INFILE));
-+          exit(1);
-+        }
-     }
-   else
-     infile = stdin;
-_at_@ -955,7 +1093,10 @@ cmd_parser (int argc, char **argv)
-       else if (strcasecmp (OPT_ARG(HASH), "rmd160") == 0)
-         default_dig = GNUTLS_DIG_RMD160;
-       else
--        error (EXIT_FAILURE, 0, "invalid hash: %s", OPT_ARG(HASH));
-+        {
-+          fprintf(stderr, "invalid hash: %s", OPT_ARG(HASH));
-+          exit(1);
-+        }
-     }
- 
-   batch = 0;
-_at_@ -974,7 +1115,10 @@ cmd_parser (int argc, char **argv)
-     }
- 
-   if ((ret = gnutls_global_init ()) < 0)
--    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "global_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
- #ifdef ENABLE_PKCS11
-   pkcs11_common();
-_at_@ -1124,14 +1268,17 @@ certificate_info (int pubkey, common_info_st * cinfo)
-                                  GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
-   if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
-     {
--      error (0, 0, "too many certificates (%d); "
-+      fprintf( stderr, "too many certificates (%d); "
-              "will only read the first %d", crt_num, MAX_CRTS);
-       crt_num = MAX_CRTS;
-       ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem,
-                                          incert_format, 0);
-     }
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   free (pem.data);
- 
-_at_@ -1139,7 +1286,7 @@ certificate_info (int pubkey, common_info_st * cinfo)
- 
-   if (count > 1 && outcert_format == GNUTLS_X509_FMT_DER)
-     {
--      error (0, 0, "cannot output multiple certificates in DER format; "
-+      fprintf( stderr, "cannot output multiple certificates in DER format; "
-              "using PEM instead");
-       outcert_format = GNUTLS_X509_FMT_PEM;
-     }
-_at_@ -1160,7 +1307,10 @@ certificate_info (int pubkey, common_info_st * cinfo)
-           ret = gnutls_x509_crt_export (crt[i], outcert_format, buffer,
-                                         &size);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+            {
-+              fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+              exit(1);
-+            }
- 
-           fwrite (buffer, 1, size, outfile);
-         }
-_at_@ -1185,12 +1335,18 @@ pgp_certificate_info (void)
- 
-   ret = gnutls_openpgp_crt_init (&crt);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "openpgp_crt_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "openpgp_crt_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_openpgp_crt_import (crt, &pem, incert_format);
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   free (pem.data);
- 
-_at_@ -1209,8 +1365,11 @@ pgp_certificate_info (void)
-   ret = gnutls_openpgp_crt_verify_self (crt, 0, &verify_status);
-   if (ret < 0)
-     {
--      error (EXIT_FAILURE, 0, "verify signature error: %s",
-+      {
-+        fprintf(stderr, "verify signature error: %s",
-              gnutls_strerror (ret));
-+        exit(1);
-+      }
-     }
- 
-   if (verify_status & GNUTLS_CERT_INVALID)
-_at_@ -1227,8 +1386,8 @@ pgp_certificate_info (void)
-   ret = gnutls_openpgp_crt_export (crt, outcert_format, buffer, &size);
-   if (ret < 0)
-     {
--      error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
--      fwrite (buffer, 1, size, outfile);
-+      fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+      exit(1);
-     }
- 
-   fprintf (outfile, "%s\n", buffer);
-_at_@ -1257,14 +1416,20 @@ pgp_privkey_info (void)
-                                        NULL, 0);
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   /* Public key algorithm
-    */
-   subkeys = gnutls_openpgp_privkey_get_subkey_count (key);
-   if (subkeys < 0)
--    error (EXIT_FAILURE, 0, "privkey_get_subkey_count: %s",
-+    {
-+      fprintf(stderr, "privkey_get_subkey_count: %s",
-            gnutls_strerror (subkeys));
-+      exit(1);
-+    }
- 
-   for (i = -1; i < subkeys; i++)
-     {
-_at_@ -1378,7 +1543,10 @@ pgp_privkey_info (void)
-   ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64,
-                                        NULL, 0, buffer, &size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fprintf (outfile, "\n%s\n", buffer);
- 
-_at_@ -1399,13 +1567,19 @@ pgp_ring_info (void)
- 
-   ret = gnutls_openpgp_keyring_init (&ring);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "openpgp_keyring_init: %s",
-+    {
-+      fprintf(stderr, "openpgp_keyring_init: %s",
-            gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_openpgp_keyring_import (ring, &pem, incert_format);
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   free (pem.data);
- 
-_at_@ -1413,19 +1587,28 @@ pgp_ring_info (void)
-   if (count >= 0)
-     fprintf (outfile, "Keyring contains %d OpenPGP certificates\n\n", count);
-   else
--    error (EXIT_FAILURE, 0, "keyring error: %s", gnutls_strerror (count));
-+    {
-+      fprintf(stderr, "keyring error: %s", gnutls_strerror (count));
-+      exit(1);
-+    }
- 
-   for (i = 0; i < count; i++)
-     {
-       ret = gnutls_openpgp_keyring_get_crt (ring, i, &crt);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       size = buffer_size;
-       ret = gnutls_openpgp_crt_export (crt, outcert_format,
-                                        buffer, &size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       fwrite (buffer, 1, size, outfile);
-       fprintf (outfile, "\n\n");
-_at_@ -1475,7 +1658,10 @@ print_crl_info (gnutls_x509_crl_t crl, FILE * out)
- 
-   ret = gnutls_x509_crl_print (crl, full_format, &data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crl_print: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crl_print: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fprintf (out, "%s\n", data.data);
- 
-_at_@ -1484,7 +1670,10 @@ print_crl_info (gnutls_x509_crl_t crl, FILE * out)
-   size = buffer_size;
-   ret = gnutls_x509_crl_export (crl, GNUTLS_X509_FMT_PEM, buffer, &size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crl_export: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crl_export: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- }
-_at_@ -1499,20 +1688,29 @@ crl_info (void)
- 
-   ret = gnutls_x509_crl_init (&crl);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crl_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   pem.data = (void*)fread_file (infile, &size);
-   pem.size = size;
- 
-   if (!pem.data)
--    error (EXIT_FAILURE, errno, "%s", infile ? "file" :
-+    {
-+      fprintf(stderr, "%s", infile ? "file" :
-            "standard input");
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crl_import (crl, &pem, incert_format);
- 
-   free (pem.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   print_crl_info (crl, outfile);
- 
-_at_@ -1530,7 +1728,10 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
-     {
-       ret = gnutls_x509_crq_print (crq, full_format, &data);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "crq_print: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       fprintf (out, "%s\n", data.data);
- 
-_at_@ -1550,7 +1751,10 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
-   size = buffer_size;
-   ret = gnutls_x509_crq_export (crq, outcert_format, buffer, &size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crq_export: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crq_export: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- }
-_at_@ -1565,20 +1769,29 @@ crq_info (void)
- 
-   ret = gnutls_x509_crq_init (&crq);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   pem.data = (void*)fread_file (infile, &size);
-   pem.size = size;
- 
-   if (!pem.data)
--    error (EXIT_FAILURE, errno, "%s", infile ? "file" :
-+    {
-+      fprintf(stderr, "%s", infile ? "file" :
-            "standard input");
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crq_import (crq, &pem, incert_format);
- 
-   free (pem.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   print_crq_info (crq, outfile);
- 
-_at_@ -1724,7 +1937,10 @@ privkey_info (common_info_st* cinfo)
-                                                   incert_format, pass, flags);
-     }
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (outcert_format == GNUTLS_X509_FMT_PEM)
-     privkey_info_int (cinfo, key);
-_at_@ -1736,7 +1952,10 @@ privkey_info (common_info_st* cinfo)
-   size = buffer_size;
-   ret = gnutls_x509_privkey_export (key, outcert_format, buffer, &size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- 
-_at_@ -1761,7 +1980,10 @@ generate_request (common_info_st * cinfo)
- 
-   ret = gnutls_x509_crq_init (&crq);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
- 
-   /* Load the private key.
-_at_@ -1771,7 +1993,10 @@ generate_request (common_info_st * cinfo)
-     {
-       ret = gnutls_privkey_init (&pkey);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       xkey = generate_private_key_int (cinfo);
- 
-_at_@ -1779,7 +2004,10 @@ generate_request (common_info_st * cinfo)
- 
-       ret = gnutls_privkey_import_x509(pkey, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "privkey_import_x509: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "privkey_import_x509: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
-     }
- 
-   pubkey = load_public_key_or_import (1, pkey, cinfo);
-_at_@ -1812,7 +2040,10 @@ generate_request (common_info_st * cinfo)
-     {
-       ret = gnutls_x509_crq_set_challenge_password (crq, pass);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "set_pass: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "set_pass: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
-     }
- 
-   if (cinfo->crq_extensions != 0)
-_at_@ -1825,8 +2056,11 @@ generate_request (common_info_st * cinfo)
- 
-       ret = gnutls_x509_crq_set_basic_constraints (crq, ca_status, path_len);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "set_basic_constraints: %s",
-+        {
-+          fprintf(stderr, "set_basic_constraints: %s",
-                gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       if (pk == GNUTLS_PK_RSA)
-         {
-_at_@ -1861,7 +2095,10 @@ generate_request (common_info_st * cinfo)
-               ret = gnutls_x509_crq_set_key_purpose_oid
-                 (crq, GNUTLS_KP_CODE_SIGNING, 0);
-               if (ret < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
-+                {
-+                  fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
-+                  exit(1);
-+                }
-             }
- 
-           ret = get_ocsp_sign_status ();
-_at_@ -1870,7 +2107,10 @@ generate_request (common_info_st * cinfo)
-               ret = gnutls_x509_crq_set_key_purpose_oid
-                 (crq, GNUTLS_KP_OCSP_SIGNING, 0);
-               if (ret < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
-+                {
-+                  fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
-+                  exit(1);
-+                }
-             }
- 
-           ret = get_time_stamp_status ();
-_at_@ -1879,7 +2119,10 @@ generate_request (common_info_st * cinfo)
-               ret = gnutls_x509_crq_set_key_purpose_oid
-                 (crq, GNUTLS_KP_TIME_STAMPING, 0);
-               if (ret < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
-+                {
-+                  fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
-+                  exit(1);
-+                }
-             }
- 
-           ret = get_ipsec_ike_status ();
-_at_@ -1888,13 +2131,19 @@ generate_request (common_info_st * cinfo)
-               ret = gnutls_x509_crq_set_key_purpose_oid
-                 (crq, GNUTLS_KP_IPSEC_IKE, 0);
-               if (ret < 0)
--                error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
-+                {
-+                  fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
-+                  exit(1);
-+                }
-             }
-         }
- 
-       ret = gnutls_x509_crq_set_key_usage (crq, usage);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "key_usage: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "key_usage: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       ret = get_tls_client_status ();
-       if (ret != 0)
-_at_@ -1902,7 +2151,10 @@ generate_request (common_info_st * cinfo)
-           ret = gnutls_x509_crq_set_key_purpose_oid
-             (crq, GNUTLS_KP_TLS_WWW_CLIENT, 0);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
-+            {
-+              fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
-+              exit(1);
-+            }
-         }
- 
-       ret = get_tls_server_status ();
-_at_@ -1911,7 +2163,10 @@ generate_request (common_info_st * cinfo)
-           ret = gnutls_x509_crq_set_key_purpose_oid
-             (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
-+            {
-+              fprintf(stderr, "key_kp: %s", gnutls_strerror (ret));
-+              exit(1);
-+            }
-         }
- 
-       get_key_purpose_set (TYPE_CRQ, crq);
-_at_@ -1919,11 +2174,17 @@ generate_request (common_info_st * cinfo)
- 
-   ret = gnutls_x509_crq_set_pubkey (crq, pubkey);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "set_key: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crq_privkey_sign (crq, pkey, get_dig_for_pub (pubkey), 0);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "sign: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "sign: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   print_crq_info (crq, outfile);
- 
-_at_@ -1950,13 +2211,19 @@ static int detailed_verification(gnutls_x509_crt_t cert,
-   ret =
-     gnutls_x509_crt_get_issuer_dn (cert, issuer_name, &issuer_name_size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_x509_crt_get_issuer_dn: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   name_size = sizeof (name);
-   ret =
-     gnutls_x509_crt_get_dn (cert, name, &name_size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_x509_crt_get_dn: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "gnutls_x509_crt_get_dn: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fprintf (outfile, "\tSubject: %s\n", name);
-   fprintf (outfile, "\tIssuer: %s\n", issuer_name);
-_at_@ -1967,7 +2234,10 @@ static int detailed_verification(gnutls_x509_crt_t cert,
-       ret =
-         gnutls_x509_crt_get_dn (issuer, issuer_name, &issuer_name_size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "gnutls_x509_crt_get_issuer_dn: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       fprintf (outfile, "\tChecked against: %s\n", issuer_name);
-     }
-_at_@ -1980,7 +2250,10 @@ static int detailed_verification(gnutls_x509_crt_t cert,
-       ret =
-         gnutls_x509_crl_get_issuer_dn (crl, issuer_name, &issuer_name_size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "gnutls_x509_crl_get_issuer_dn: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "gnutls_x509_crl_get_issuer_dn: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       name_size = sizeof(tmp);
-       ret = gnutls_x509_crl_get_number(crl, tmp, &name_size, NULL);
-_at_@ -1994,7 +2267,10 @@ static int detailed_verification(gnutls_x509_crt_t cert,
-           name_size = sizeof(name);
-           ret = gnutls_hex_encode(&data, name, &name_size);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "gnutls_hex_encode: %s", gnutls_strerror (ret));
-+            {
-+              fprintf(stderr, "gnutls_hex_encode: %s", gnutls_strerror (ret));
-+              exit(1);
-+            }
-         }
-       fprintf (outfile, "\tChecked against CRL[%s] of: %s\n", name, issuer_name);
-     }
-_at_@ -2025,8 +2301,11 @@ _verify_x509_mem (const void *cert, int cert_size, const void* ca, int ca_size)
- 
-   ret = gnutls_x509_trust_list_init(&list, 0);
-   if (ret < 0)
--     error (EXIT_FAILURE, 0, "gnutls_x509_trust_list_init: %s", 
-+     {
-+       fprintf(stderr, "gnutls_x509_trust_list_init: %s", 
-                  gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   if (ca == NULL)
-     {
-_at_@ -2042,8 +2321,11 @@ _verify_x509_mem (const void *cert, int cert_size, const void* ca, int ca_size)
-       ret = gnutls_x509_crt_list_import2( &x509_ca_list, &x509_ncas, &tmp, 
-         GNUTLS_X509_FMT_PEM, 0);
-       if (ret < 0 || x509_ncas < 1)
--         error (EXIT_FAILURE, 0, "error parsing CAs: %s", 
-+         {
-+           fprintf(stderr, "error parsing CAs: %s", 
-                      gnutls_strerror (ret));
-+           exit(1);
-+         }
-     }
- 
-   ret = gnutls_x509_crl_list_import2( &x509_crl_list, &x509_ncrls, &tmp, 
-_at_@ -2061,8 +2343,11 @@ _verify_x509_mem (const void *cert, int cert_size, const void* ca, int ca_size)
-   ret = gnutls_x509_crt_list_import2( &x509_cert_list, &x509_ncerts, &tmp, 
-     GNUTLS_X509_FMT_PEM, 0);
-   if (ret < 0 || x509_ncerts < 1)
--     error (EXIT_FAILURE, 0, "error parsing CRTs: %s", 
-+     {
-+       fprintf(stderr, "error parsing CRTs: %s", 
-                  gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   if (ca == NULL)
-     {
-_at_@ -2075,13 +2360,19 @@ _verify_x509_mem (const void *cert, int cert_size, const void* ca, int ca_size)
- 
-   ret = gnutls_x509_trust_list_add_cas(list, x509_ca_list, x509_ncas, 0);
-   if (ret < 0)
--     error (EXIT_FAILURE, 0, "gnutls_x509_trust_add_cas: %s", 
-+     {
-+       fprintf(stderr, "gnutls_x509_trust_add_cas: %s", 
-                  gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   ret = gnutls_x509_trust_list_add_crls(list, x509_crl_list, x509_ncrls, 0, 0);
-   if (ret < 0)
--     error (EXIT_FAILURE, 0, "gnutls_x509_trust_add_crls: %s", 
-+     {
-+       fprintf(stderr, "gnutls_x509_trust_add_crls: %s", 
-                  gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   gnutls_free(x509_crl_list);
- 
-_at_@ -2089,8 +2380,11 @@ _verify_x509_mem (const void *cert, int cert_size, const void* ca, int ca_size)
-     GNUTLS_VERIFY_DO_NOT_ALLOW_SAME|GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &output,
-     detailed_verification);
-   if (ret < 0)
--     error (EXIT_FAILURE, 0, "gnutls_x509_trusted_list_verify_crt: %s", 
-+     {
-+       fprintf(stderr, "gnutls_x509_trusted_list_verify_crt: %s", 
-                  gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   fprintf (outfile, "Chain verification output: ");
-   print_verification_res(outfile, output);
-_at_@ -2140,7 +2434,10 @@ verify_chain (void)
- 
-   buf = (void*)fread_file (infile, &size);
-   if (buf == NULL)
--    error (EXIT_FAILURE, errno, "reading chain");
-+    {
-+      fprintf(stderr, "reading chain");
-+       exit(1);
-+     }
- 
-   buf[size] = 0;
- 
-_at_@ -2157,17 +2454,26 @@ verify_certificate (common_info_st * cinfo)
-   FILE * ca_file = fopen(cinfo->ca, "r");
-   
-   if (ca_file == NULL)
--    error (EXIT_FAILURE, errno, "opening CA file");
-+    {
-+      fprintf(stderr, "opening CA file");
-+       exit(1);
-+     }
- 
-   cert = (void*)fread_file (infile, &cert_size);
-   if (cert == NULL)
--    error (EXIT_FAILURE, errno, "reading certificate chain");
-+    {
-+      fprintf(stderr, "reading certificate chain");
-+       exit(1);
-+     }
- 
-   cert[cert_size] = 0;
- 
-   cas = (void*)fread_file (ca_file, &ca_size);
-   if (cas == NULL)
--    error (EXIT_FAILURE, errno, "reading CA list");
-+    {
-+      fprintf(stderr, "reading CA list");
-+       exit(1);
-+     }
- 
-   cas[ca_size] = 0;
-   fclose(ca_file);
-_at_@ -2195,13 +2501,19 @@ verify_crl (common_info_st * cinfo)
-   dn_size = sizeof (dn);
-   ret = gnutls_x509_crt_get_dn (issuer, dn, &dn_size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crt_get_dn: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crt_get_dn: %s", gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   fprintf (outfile, "\tSubject: %s\n\n", dn);
- 
-   ret = gnutls_x509_crl_init (&crl);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crl_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "crl_init: %s", gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   pem.data = (void*)fread_file (infile, &size);
-   pem.size = size;
-_at_@ -2209,14 +2521,20 @@ verify_crl (common_info_st * cinfo)
-   ret = gnutls_x509_crl_import (crl, &pem, incert_format);
-   free (pem.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   print_crl_info (crl, outfile);
- 
-   fprintf (outfile, "Verification output: ");
-   ret = gnutls_x509_crl_verify (crl, &issuer, 1, 0, &output);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "verification error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr, "verification error: %s", gnutls_strerror (ret));
-+       exit(1);
-+     }
- 
-   if (output)
-     {
-_at_@ -2265,7 +2583,10 @@ generate_pkcs8 (common_info_st * cinfo)
-                                       password, flags, buffer, &size);
- 
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "key_export: %s", gnutls_strerror (result));
-+       exit(1);
-+     }
- 
-   fwrite (buffer, 1, size, outfile);
- 
-_at_@ -2302,7 +2623,10 @@ generate_pkcs12 (common_info_st * cinfo)
- 
-   result = gnutls_pkcs12_init (&pkcs12);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "pkcs12_init: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "pkcs12_init: %s", gnutls_strerror (result));
-+       exit(1);
-+     }
- 
-   pass = get_password(cinfo, &flags, 1);
-   flags |= cipher_to_flags (cinfo->pkcs_cipher);
-_at_@ -2313,12 +2637,18 @@ generate_pkcs12 (common_info_st * cinfo)
- 
-       result = gnutls_pkcs12_bag_init (&bag);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       result = gnutls_pkcs12_bag_set_crt (bag, crts[i]);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "set_crt[%d]: %s", i,
-+        {
-+          fprintf(stderr, "set_crt[%d]: %s", i,
-                gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       indx = result;
- 
-_at_@ -2326,31 +2656,46 @@ generate_pkcs12 (common_info_st * cinfo)
-         {
-           result = gnutls_pkcs12_bag_set_friendly_name (bag, indx, name);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
-+            {
-+              fprintf(stderr, "bag_set_friendly_name: %s",
-                    gnutls_strerror (result));
-+              exit(1);
-+            }
-         }
- 
-       size = sizeof (_key_id);
-       result = gnutls_x509_crt_get_key_id (crts[i], 0, _key_id, &size);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "key_id[%d]: %s", i,
-+        {
-+          fprintf(stderr, "key_id[%d]: %s", i,
-                gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       key_id.data = _key_id;
-       key_id.size = size;
- 
-       result = gnutls_pkcs12_bag_set_key_id (bag, indx, &key_id);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
-+        {
-+          fprintf(stderr, "bag_set_key_id: %s",
-                gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       result = gnutls_pkcs12_bag_encrypt (bag, pass, flags);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_encrypt: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "bag_encrypt: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       result = gnutls_pkcs12_set_bag (pkcs12, bag);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "set_bag: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
-     }
- 
-   for (i = 0; i < nkeys; i++)
-_at_@ -2359,14 +2704,20 @@ generate_pkcs12 (common_info_st * cinfo)
- 
-       result = gnutls_pkcs12_bag_init (&kbag);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       size = buffer_size;
-       result =
-         gnutls_x509_privkey_export_pkcs8 (keys[i], GNUTLS_X509_FMT_DER,
-                                           pass, flags, buffer, &size);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "key_export[%d]: %s", i, gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "key_export[%d]: %s", i, gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       data.data = buffer;
-       data.size = size;
-_at_@ -2374,41 +2725,62 @@ generate_pkcs12 (common_info_st * cinfo)
-         gnutls_pkcs12_bag_set_data (kbag,
-                                     GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_set_data: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "bag_set_data: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       indx = result;
- 
-       result = gnutls_pkcs12_bag_set_friendly_name (kbag, indx, name);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s",
-+        {
-+          fprintf(stderr, "bag_set_friendly_name: %s",
-                gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       size = sizeof (_key_id);
-       result = gnutls_x509_privkey_get_key_id (keys[i], 0, _key_id, &size);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "key_id[%d]: %s", i, gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "key_id[%d]: %s", i, gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       key_id.data = _key_id;
-       key_id.size = size;
- 
-       result = gnutls_pkcs12_bag_set_key_id (kbag, indx, &key_id);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_set_key_id: %s",
-+        {
-+          fprintf(stderr, "bag_set_key_id: %s",
-                gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       result = gnutls_pkcs12_set_bag (pkcs12, kbag);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "set_bag: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
-     }
- 
-   result = gnutls_pkcs12_generate_mac (pkcs12, pass);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "generate_mac: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "generate_mac: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   size = buffer_size;
-   result = gnutls_pkcs12_export (pkcs12, outcert_format, buffer, &size);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "pkcs12_export: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "pkcs12_export: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   fwrite (buffer, 1, size, outfile);
- 
-_at_@ -2449,7 +2821,10 @@ print_bag_data (gnutls_pkcs12_bag_t bag)
- 
-   count = gnutls_pkcs12_bag_get_count (bag);
-   if (count < 0)
--    error (EXIT_FAILURE, 0, "get_count: %s", gnutls_strerror (count));
-+    {
-+      fprintf(stderr, "get_count: %s", gnutls_strerror (count));
-+      exit(1);
-+    }
- 
-   fprintf (outfile, "\tElements: %d\n", count);
- 
-_at_@ -2457,15 +2832,22 @@ print_bag_data (gnutls_pkcs12_bag_t bag)
-     {
-       type = gnutls_pkcs12_bag_get_type (bag, i);
-       if (type < 0)
--        error (EXIT_FAILURE, 0, "get_type: %s", gnutls_strerror (type));
-+        {
-+          fprintf(stderr, "get_type: %s", gnutls_strerror (type));
-+          exit(1);
-+        }
- 
-       fprintf (stderr, "\tType: %s\n", BAGTYPE (type));
- 
-       name = NULL;
-       result = gnutls_pkcs12_bag_get_friendly_name (bag, i, (char **) &name);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "get_friendly_name: %s",
-+        {
-+          fprintf(stderr, "get_friendly_name: %s",
-                gnutls_strerror (type));
-+          exit(1);
-+        }
-+
-       if (name)
-         fprintf (outfile, "\tFriendly name: %s\n", name);
- 
-_at_@ -2473,13 +2855,20 @@ print_bag_data (gnutls_pkcs12_bag_t bag)
-       id.size = 0;
-       result = gnutls_pkcs12_bag_get_key_id (bag, i, &id);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "get_key_id: %s", gnutls_strerror (type));
-+        {
-+          fprintf(stderr, "get_key_id: %s", gnutls_strerror (type));
-+          exit(1);
-+        }
-+
-       if (id.size > 0)
-         fprintf (outfile, "\tKey ID: %s\n", raw_to_string (id.data, id.size));
- 
-       result = gnutls_pkcs12_bag_get_data (bag, i, &cdata);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "get_data: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "get_data: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       switch (type)
-         {
-_at_@ -2525,7 +2914,10 @@ pkcs12_info (common_info_st* cinfo)
- 
-   result = gnutls_pkcs12_init (&pkcs12);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "p12_init: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "p12_init: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   data.data = (void*)fread_file (infile, &size);
-   data.size = size;
-_at_@ -2533,7 +2925,10 @@ pkcs12_info (common_info_st* cinfo)
-   result = gnutls_pkcs12_import (pkcs12, &data, incert_format, 0);
-   free (data.data);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "p12_import: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "p12_import: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   pass = get_password(cinfo, NULL, 0);
- 
-_at_@ -2541,14 +2936,17 @@ pkcs12_info (common_info_st* cinfo)
-   if (result < 0)
-     {
-       fail = 1;
--      error (0, 0, "verify_mac: %s", gnutls_strerror (result));
-+      fprintf (stderr, "verify_mac: %s", gnutls_strerror (result));
-     }
- 
-   for (indx = 0;; indx++)
-     {
-       result = gnutls_pkcs12_bag_init (&bag);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       result = gnutls_pkcs12_get_bag (pkcs12, indx, bag);
-       if (result < 0)
-_at_@ -2556,13 +2954,19 @@ pkcs12_info (common_info_st* cinfo)
- 
-       result = gnutls_pkcs12_bag_get_count (bag);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_count: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "bag_count: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       fprintf (outfile, "BAG #%d\n", indx);
- 
-       result = gnutls_pkcs12_bag_get_type (bag, 0);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "bag_init: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       if (result == GNUTLS_BAG_ENCRYPTED)
-         {
-_at_@ -2574,14 +2978,17 @@ pkcs12_info (common_info_st* cinfo)
-           if (result < 0)
-             {
-               fail = 1;
--              error (0, 0, "bag_decrypt: %s", gnutls_strerror (result));
-+              fprintf(stderr, "bag_decrypt: %s", gnutls_strerror (result));
-               continue;
-             }
- 
-           result = gnutls_pkcs12_bag_get_count (bag);
-           if (result < 0)
--            error (EXIT_FAILURE, 0, "encrypted bag_count: %s",
-+            {
-+              fprintf(stderr, "encrypted bag_count: %s",
-                    gnutls_strerror (result));
-+              exit(1);
-+            }
-         }
- 
-       print_bag_data (bag);
-_at_@ -2590,7 +2997,10 @@ pkcs12_info (common_info_st* cinfo)
-     }
- 
-   if (fail)
--    error (EXIT_FAILURE, 0, "There were errors parsing the structure\n");
-+    {
-+      fprintf(stderr, "There were errors parsing the structure\n");
-+      exit(1);
-+    }
- }
- 
- void
-_at_@ -2604,7 +3014,10 @@ pkcs7_info (void)
- 
-   result = gnutls_pkcs7_init (&pkcs7);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "p7_init: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "p7_init: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   data.data = (void*)fread_file (infile, &size);
-   data.size = size;
-_at_@ -2612,13 +3025,19 @@ pkcs7_info (void)
-   result = gnutls_pkcs7_import (pkcs7, &data, incert_format);
-   free (data.data);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "import error: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   /* Read and print the certificates.
-    */
-   result = gnutls_pkcs7_get_crt_count (pkcs7);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "p7_crt_count: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "p7_crt_count: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   count = result;
- 
-_at_@ -2639,7 +3058,10 @@ pkcs7_info (void)
- 
-       result = gnutls_pem_base64_encode_alloc ("CERTIFICATE", &data, &b64);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "encoding: %s", gnutls_strerror (result));
-+           exit(1);
-+        }
- 
-       fputs ((void*)b64.data, outfile);
-       gnutls_free (b64.data);
-_at_@ -2649,7 +3071,10 @@ pkcs7_info (void)
-    */
-   result = gnutls_pkcs7_get_crl_count (pkcs7);
-   if (result < 0)
--    error (EXIT_FAILURE, 0, "p7_crl_count: %s", gnutls_strerror (result));
-+    {
-+      fprintf(stderr, "p7_crl_count: %s", gnutls_strerror (result));
-+      exit(1);
-+    }
- 
-   count = result;
- 
-_at_@ -2670,7 +3095,10 @@ pkcs7_info (void)
- 
-       result = gnutls_pem_base64_encode_alloc ("X509 CRL", &data, &b64);
-       if (result < 0)
--        error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result));
-+        {
-+          fprintf(stderr, "encoding: %s", gnutls_strerror (result));
-+          exit(1);
-+        }
- 
-       fputs ((void*)b64.data, outfile);
-       gnutls_free (b64.data);
-_at_@ -2690,7 +3118,10 @@ smime_to_pkcs7 (void)
-     {
-       len = getline (&lineptr, &linesize, infile);
-       if (len == -1)
--        error (EXIT_FAILURE, 0, "cannot find RFC 2822 header/body separator");
-+        {
-+          fprintf(stderr, "cannot find RFC 2822 header/body separator");
-+          exit(1);
-+        }
-     }
-   while (strcmp (lineptr, "\r\n") != 0 && strcmp (lineptr, "\n") != 0);
- 
-_at_@ -2698,7 +3129,10 @@ smime_to_pkcs7 (void)
-     {
-       len = getline (&lineptr, &linesize, infile);
-       if (len == -1)
--        error (EXIT_FAILURE, 0, "message has RFC 2822 header but no body");
-+        {
-+          fprintf(stderr, "message has RFC 2822 header but no body");
-+          exit(1);
-+        }
-     }
-   while (strcmp (lineptr, "\r\n") == 0 && strcmp (lineptr, "\n") == 0);
- 
-_at_@ -2733,7 +3167,8 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
-   ret = gnutls_pubkey_init (&pubkey);
-   if (ret < 0)
-     {
--      error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
-+      fprintf(stderr, "pubkey_init: %s", gnutls_strerror (ret));
-+      exit(1);
-     }
- 
-   if (crt == NULL)
-_at_@ -2750,15 +3185,21 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
-     {
-       ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
-+        {
-+          fprintf(stderr, "pubkey_import_x509: %s",
-                gnutls_strerror (ret));
-+          exit(1);
-+        }
-     }
-   else if (crq != NULL)
-     {
-       ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "pubkey_import_x509_crq: %s",
-+        {
-+          fprintf(stderr, "pubkey_import_x509_crq: %s",
-                gnutls_strerror (ret));
-+          exit(1);
-+        }
-     }
-   else
-     {
-_at_@ -2768,8 +3209,11 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
-         {
-           ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "pubkey_import_privkey: %s",
-+            {
-+              fprintf(stderr, "pubkey_import_privkey: %s",
-                    gnutls_strerror (ret));
-+              exit(1);
-+            }
-         }
-       else
-         {
-_at_@ -2783,7 +3227,10 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
-       size = buffer_size;
-       ret = gnutls_pubkey_export (pubkey, outcert_format, buffer, &size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+        {
-+          fprintf(stderr, "export error: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       fwrite (buffer, 1, size, outfile);
- 
-diff --git a/src/danetool.c b/src/danetool.c
-index 5c27321..07921c9 100644
---- a/src/danetool.c
-+++ b/src/danetool.c
-_at_@ -42,7 +42,6 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <error.h>
- 
- /* Gnulib portability files. */
- #include <read-file.h>
-_at_@ -95,7 +94,10 @@ cmd_parser (int argc, char **argv)
-     {
-       outfile = safe_open_rw (OPT_ARG(OUTFILE), privkey_op);
-       if (outfile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
-+        {
-+          fprintf (stderr, "%s", OPT_ARG(OUTFILE));
-+          exit(1);
-+        }
-     }
-   else
-     outfile = stdout;
-_at_@ -122,7 +124,10 @@ cmd_parser (int argc, char **argv)
-       else if (strcasecmp (OPT_ARG(HASH), "rmd160") == 0)
-         default_dig = GNUTLS_DIG_RMD160;
-       else
--        error (EXIT_FAILURE, 0, "invalid hash: %s", OPT_ARG(HASH));
-+        {
-+          fprintf (stderr, "invalid hash: %s", OPT_ARG(HASH));
-+          exit(1);
-+        }
-     }
- 
-   gnutls_global_set_log_function (tls_log_func);
-_at_@ -134,7 +139,10 @@ cmd_parser (int argc, char **argv)
-     }
- 
-   if ((ret = gnutls_global_init ()) < 0)
--    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
- #ifdef ENABLE_PKCS11
-   pkcs11_common();
-_at_@ -207,31 +215,46 @@ unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
-   printf("Querying %s (%s:%d)...\n", host, proto, port);
-   ret = dane_state_init(&s, flags);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "dane_state_init: %s", dane_strerror (ret));
-+    {
-+      fprintf (stderr, "dane_state_init: %s", dane_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (HAVE_OPT(DLV))
-     {
-       ret = dane_state_set_dlv_file(s, OPT_ARG(DLV));
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "dane_state_set_dlv_file: %s", dane_strerror (ret));
-+        {
-+          fprintf (stderr, "dane_state_set_dlv_file: %s", dane_strerror (ret));
-+          exit(1);
-+        }
-     }
-   
-   ret = dane_query_tlsa(s, &q, host, proto, port);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "dane_query_tlsa: %s", dane_strerror (ret));
-+    {
-+      fprintf (stderr, "dane_query_tlsa: %s", dane_strerror (ret));
-+      exit(1);
-+    }
-   
-   entries = dane_query_entries(q);
-   for (i=0;i<entries;i++)
-     {
-       ret = dane_query_data(q, i, &usage, &type, &match, &data);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "dane_query_data: %s", dane_strerror (ret));
-+        {
-+          fprintf (stderr, "dane_query_data: %s", dane_strerror (ret));
-+          exit(1);
-+        }
-       
-       
-       size = buffer_size;
-       ret = gnutls_hex_encode(&data, (void*)buffer, &size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "gnutls_hex_encode: %s", dane_strerror (ret));
-+        {
-+          fprintf (stderr, "gnutls_hex_encode: %s", dane_strerror (ret));
-+          exit(1);
-+        }
- 
-       if (entries > 1) printf("\nEntry %d:\n", i+1);
- 
-_at_@ -249,11 +272,17 @@ unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
-           
-           ret = gnutls_load_file(cinfo->cert, &file);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "gnutls_load_file: %s", gnutls_strerror (ret));
-+            {
-+              fprintf (stderr, "gnutls_load_file: %s", gnutls_strerror (ret));
-+              exit(1);
-+            }
-         
-           ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file, cinfo->incert_format, 0);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_import2: %s", gnutls_strerror (ret));
-+            {
-+              fprintf (stderr, "gnutls_x509_crt_list_import2: %s", gnutls_strerror (ret));
-+              exit(1);
-+            }
- 
-           if (clist_size > 0)
-             {
-_at_@ -265,17 +294,26 @@ unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
-                 {
-                   ret = gnutls_x509_crt_export2( clist[i], GNUTLS_X509_FMT_DER, &certs[i]);
-                   if (ret < 0)
--                    error (EXIT_FAILURE, 0, "gnutls_x509_crt_export2: %s", gnutls_strerror (ret));
-+                    {
-+                      fprintf (stderr, "gnutls_x509_crt_export2: %s", gnutls_strerror (ret));
-+                      exit(1);
-+                    }
-                 }
- 
-               ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509, 
-                                      host, proto, port, 0, vflags, &status);
-               if (ret < 0)
--                error (EXIT_FAILURE, 0, "dane_verify_crt: %s", dane_strerror (ret));
-+                {
-+                  fprintf (stderr, "dane_verify_crt: %s", dane_strerror (ret));
-+                  exit(1);
-+                }
-                 
-               ret = dane_verification_status_print(status, &out, 0);
-               if (ret < 0)
--                error (EXIT_FAILURE, 0, "dane_verification_status_print: %s", dane_strerror (ret));
-+                {
-+                  fprintf( stderr, "dane_verification_status_print: %s", dane_strerror (ret));
-+                  exit(1);
-+                }
-               
-               printf("\nVerification: %s\n", out.data);
-               gnutls_free(out.data);
-_at_@ -331,7 +369,10 @@ static void dane_info(const char* host, const char* proto, unsigned int port,
-       size = buffer_size;
-       ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, buffer, &size);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+        {
-+          fprintf( stderr, "export error: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       gnutls_x509_crt_deinit (crt);
-     }
-_at_@ -341,7 +382,10 @@ static void dane_info(const char* host, const char* proto, unsigned int port,
- 
-       ret = gnutls_pubkey_init (&pubkey);
-       if (ret < 0)
--        error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
-+        {
-+          fprintf (stderr, "pubkey_init: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       if (crt != NULL)
-         {
-_at_@ -349,16 +393,18 @@ static void dane_info(const char* host, const char* proto, unsigned int port,
-           ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
-           if (ret < 0)
-             {
--              error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
-+              fprintf (stderr, "pubkey_import_x509: %s",
-                      gnutls_strerror (ret));
-+              exit(1);
-             }
- 
-           size = buffer_size;
-           ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
-           if (ret < 0)
-             {
--              error (EXIT_FAILURE, 0, "pubkey_export: %s",
-+              fprintf( stderr, "pubkey_export: %s",
-                      gnutls_strerror (ret));
-+              exit(1);
-             }
-           
-           gnutls_x509_crt_deinit(crt);
-_at_@ -370,7 +416,10 @@ static void dane_info(const char* host, const char* proto, unsigned int port,
-           size = buffer_size;
-           ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-+            {
-+              fprintf (stderr, "export error: %s", gnutls_strerror (ret));
-+              exit(1);
-+            }
-         }
- 
-       gnutls_pubkey_deinit (pubkey);
-_at_@ -384,7 +433,10 @@ static void dane_info(const char* host, const char* proto, unsigned int port,
-   
-   ret = gnutls_hash_fast(default_dig, buffer, size, digest);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "hash error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf( stderr, "hash error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (default_dig == GNUTLS_DIG_SHA256)
-     type = 1;
-_at_@ -408,7 +460,10 @@ static void dane_info(const char* host, const char* proto, unsigned int port,
-   size = buffer_size;
-   ret = gnutls_hex_encode(&t, (void*)buffer, &size);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "hex encode error: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "hex encode error: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n", port, proto, host, usage, selector, type, buffer);
- 
-diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
-index 060f114..4bc3f59 100644
---- a/src/ocsptool-common.c
-+++ b/src/ocsptool-common.c
-_at_@ -31,7 +31,6 @@
- #include <gnutls/crypto.h>
- 
- /* Gnulib portability files. */
--#include <error.h>
- #include <read-file.h>
- #include <socket.h>
- 
-_at_@ -83,12 +82,18 @@ _generate_request (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- 
-   ret = gnutls_ocsp_req_init (&req);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "ocsp_req_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf( stderr, "ocsp_req_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_ocsp_req_add_cert (req, GNUTLS_DIG_SHA1,
-   				      issuer, cert);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "ocsp_req_add_cert: %s", gnutls_strerror (ret));
-+    {
-+      fprintf( stderr, "ocsp_req_add_cert: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
-     
-   if (nonce)
-     {
-_at_@ -97,17 +102,26 @@ _generate_request (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- 
-       ret = gnutls_rnd (GNUTLS_RND_RANDOM, nonce.data, nonce.size);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "gnutls_rnd: %s", gnutls_strerror (ret));
-+	{
-+	  fprintf( stderr, "gnutls_rnd: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
- 
-       ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "ocsp_req_set_nonce: %s",
-+	{
-+	  fprintf( stderr, "ocsp_req_set_nonce: %s",
- 	       gnutls_strerror (ret));
-+          exit(1);
-+        }
-     }
- 
-   ret = gnutls_ocsp_req_export (req, rdata);
-   if (ret != 0)
--    error (EXIT_FAILURE, 0, "ocsp_req_export: %s", gnutls_strerror (ret));
-+    {
-+      fprintf( stderr, "ocsp_req_export: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   gnutls_ocsp_req_deinit (req);
-   return;
-_at_@ -321,11 +335,17 @@ check_ocsp_response (gnutls_x509_crt_t cert,
- 
-   ret = gnutls_ocsp_resp_init (&resp);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr,  "ocsp_resp_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_ocsp_resp_import (resp, data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr,  "importing response: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
-   
-   ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
-   if (ret < 0)
-_at_@ -337,8 +357,11 @@ check_ocsp_response (gnutls_x509_crt_t cert,
- 
-   ret = gnutls_ocsp_resp_verify_direct( resp, issuer, &status, 0);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify_direct: %s",
--      gnutls_strerror (ret));
-+    {  
-+      fprintf(stderr,  "gnutls_ocsp_resp_verify_direct: %s",
-+        gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (status != 0)
-     {
-_at_@ -357,7 +380,10 @@ check_ocsp_response (gnutls_x509_crt_t cert,
-   ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
-         &cert_status, &vtime, &ntime, &rtime, NULL);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "reading response: %s", gnutls_strerror (ret));
-+    {
-+      fprintf(stderr,  "reading response: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
-   
-   if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
-     {
-diff --git a/src/ocsptool.c b/src/ocsptool.c
-index ffbb051..cd92c1d 100644
---- a/src/ocsptool.c
-+++ b/src/ocsptool.c
-_at_@ -31,7 +31,6 @@
- #include <gnutls/crypto.h>
- 
- /* Gnulib portability files. */
--#include <error.h>
- #include <read-file.h>
- #include <socket.h>
- 
-_at_@ -59,24 +58,36 @@ request_info (void)
- 
-   ret = gnutls_ocsp_req_init (&req);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "ocsp_req_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "ocsp_req_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (HAVE_OPT(LOAD_REQUEST))
-     dat.data = (void*)read_binary_file (OPT_ARG(LOAD_REQUEST), &size);
-   else
-     dat.data = (void*)fread_file (infile, &size);
-   if (dat.data == NULL)
--    error (EXIT_FAILURE, errno, "reading request");
-+    {
-+      fprintf (stderr, "reading request");
-+      exit(1);
-+    }
-   dat.size = size;
- 
-   ret = gnutls_ocsp_req_import (req, &dat);
-   free (dat.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing request: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "importing request: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_ocsp_req_print (req, GNUTLS_OCSP_PRINT_FULL, &dat);
-   if (ret != 0)
--    error (EXIT_FAILURE, 0, "ocsp_req_print: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "ocsp_req_print: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   printf ("%.*s", dat.size, dat.data);
-   gnutls_free (dat.data);
-_at_@ -93,18 +104,27 @@ _response_info (const gnutls_datum_t* data)
- 
-   ret = gnutls_ocsp_resp_init (&resp);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_ocsp_resp_import (resp, data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "importing response: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (ENABLED_OPT(VERBOSE))
-     ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &buf);
-   else
-     ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_COMPACT, &buf);
-   if (ret != 0)
--    error (EXIT_FAILURE, 0, "ocsp_resp_print: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "ocsp_resp_print: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   printf ("%.*s", buf.size, buf.data);
-   gnutls_free (buf.data);
-_at_@ -123,7 +143,10 @@ response_info (void)
-   else
-     dat.data = (void*)fread_file (infile, &size);
-   if (dat.data == NULL)
--    error (EXIT_FAILURE, errno, "reading response");
-+    {
-+      fprintf (stderr, "reading response");
-+      exit(1);
-+    }
-   dat.size = size;
- 
-   _response_info(&dat);
-_at_@ -139,23 +162,35 @@ load_issuer (void)
-   size_t size;
- 
-   if (!HAVE_OPT(LOAD_ISSUER))
--    error (EXIT_FAILURE, 0, "missing --load-issuer");
-+    {
-+      fprintf( stderr, "missing --load-issuer");
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crt_init (&crt);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   dat.data = (void*)read_binary_file (OPT_ARG(LOAD_ISSUER), &size);
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-issuer: %s", OPT_ARG(LOAD_ISSUER));
-+    {
-+      fprintf (stderr, "reading --load-issuer: %s", OPT_ARG(LOAD_ISSUER));
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crt_import (crt, &dat, encoding);
-   free (dat.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing --load-issuer: %s: %s",
-+    {
-+      fprintf (stderr, "importing --load-issuer: %s: %s",
-            OPT_ARG(LOAD_ISSUER), gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return crt;
- }
-_at_@ -169,23 +204,35 @@ load_cert (void)
-   size_t size;
- 
-   if (!HAVE_OPT(LOAD_CERT))
--    error (EXIT_FAILURE, 0, "missing --load-cert");
-+    {
-+      fprintf (stderr, "missing --load-cert");
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crt_init (&crt);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   dat.data = (void*)read_binary_file (OPT_ARG(LOAD_CERT), &size);
-   dat.size = size;
- 
-   if (!dat.data)
--    error (EXIT_FAILURE, errno, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
-+    {
-+      fprintf (stderr, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
-+      exit(1);
-+    }
- 
-   ret = gnutls_x509_crt_import (crt, &dat, encoding);
-   free (dat.data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing --load-cert: %s: %s",
-+    {
-+      fprintf (stderr, "importing --load-cert: %s: %s",
-            OPT_ARG(LOAD_CERT), gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   return crt;
- }
-_at_@ -218,29 +265,44 @@ _verify_response (gnutls_datum_t *data)
- 
-   ret = gnutls_ocsp_resp_init (&resp);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   ret = gnutls_ocsp_resp_import (resp, data);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "importing response: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (HAVE_OPT(LOAD_TRUST))
-     {
-       dat.data = (void*)read_binary_file (OPT_ARG(LOAD_TRUST), &size);
-       if (dat.data == NULL)
--	error (EXIT_FAILURE, errno, "reading --load-trust: %s", OPT_ARG(LOAD_TRUST));
-+        {
-+	  fprintf (stderr, "reading --load-trust: %s", OPT_ARG(LOAD_TRUST));
-+	  exit(1);
-+	}
-       dat.size = size;
- 
-       ret = gnutls_x509_trust_list_init (&list, 0);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "gnutls_x509_trust_list_init: %s",
-+        {
-+	  fprintf (stderr, "gnutls_x509_trust_list_init: %s",
- 	       gnutls_strerror (ret));
-+	  exit(1);
-+	}
- 
-       ret = gnutls_x509_crt_list_import2 (&x509_ca_list, &x509_ncas, &dat,
- 					  GNUTLS_X509_FMT_PEM, 0);
-       if (ret < 0 || x509_ncas < 1)
--	error (EXIT_FAILURE, 0, "error parsing CAs: %s",
-+        {
-+	  fprintf (stderr, "error parsing CAs: %s",
- 	       gnutls_strerror (ret));
-+	  exit(1);
-+	}
- 
-       if (HAVE_OPT(VERBOSE))
- 	{
-_at_@ -253,8 +315,11 @@ _verify_response (gnutls_datum_t *data)
- 	      ret = gnutls_x509_crt_print (x509_ca_list[i],
- 					   GNUTLS_CRT_PRINT_ONELINE, &out);
- 	      if (ret < 0)
--		error (EXIT_FAILURE, 0, "gnutls_x509_crt_print: %s",
-+	        {
-+		  fprintf (stderr, "gnutls_x509_crt_print: %s",
- 		       gnutls_strerror (ret));
-+		  exit(1);
-+		}
- 
- 	      printf ("%d: %.*s\n", i, out.size, out.data);
- 	      gnutls_free (out.data);
-_at_@ -264,33 +329,48 @@ _verify_response (gnutls_datum_t *data)
- 
-       ret = gnutls_x509_trust_list_add_cas (list, x509_ca_list, x509_ncas, 0);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "gnutls_x509_trust_add_cas: %s",
-+        {
-+	  fprintf (stderr, "gnutls_x509_trust_add_cas: %s",
- 	       gnutls_strerror (ret));
-+	  exit(1);
-+	}
- 
-       if (HAVE_OPT(VERBOSE))
- 	fprintf (stdout, "Loaded %d trust anchors\n", x509_ncas);
- 
-       ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify: %s",
-+        {
-+	  fprintf (stderr, "gnutls_ocsp_resp_verify: %s",
- 	       gnutls_strerror (ret));
-+	  exit(1);
-+	}
-     }
-   else if (HAVE_OPT(LOAD_SIGNER))
-     {
-       ret = gnutls_x509_crt_init (&signer);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
-+        {
-+	  fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
-+	  exit(1);
-+	}
- 
-       dat.data = (void*)read_binary_file (OPT_ARG(LOAD_SIGNER), &size);
-       if (dat.data == NULL)
--	error (EXIT_FAILURE, errno, "reading --load-signer: %s", OPT_ARG(LOAD_SIGNER));
-+        {
-+	  fprintf (stderr, "reading --load-signer: %s", OPT_ARG(LOAD_SIGNER));
-+	  exit(1);
-+	}
-       dat.size = size;
- 
-       ret = gnutls_x509_crt_import (signer, &dat, encoding);
-       free (dat.data);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "importing --load-signer: %s: %s",
-+        {
-+	  fprintf (stderr, "importing --load-signer: %s: %s",
- 	       OPT_ARG(LOAD_SIGNER), gnutls_strerror (ret));
-+	  exit(1);
-+	}
- 
-       if (HAVE_OPT(VERBOSE))
- 	{
-_at_@ -298,8 +378,11 @@ _verify_response (gnutls_datum_t *data)
- 
- 	  ret = gnutls_x509_crt_print (signer, GNUTLS_CRT_PRINT_ONELINE, &out);
- 	  if (ret < 0)
--	    error (EXIT_FAILURE, 0, "gnutls_x509_crt_print: %s",
-+	    {
-+	      fprintf (stderr, "gnutls_x509_crt_print: %s",
- 		   gnutls_strerror (ret));
-+              exit(1);
-+            }
- 
- 	  printf ("Signer: %.*s\n", out.size, out.data);
- 	  gnutls_free (out.data);
-_at_@ -308,11 +391,17 @@ _verify_response (gnutls_datum_t *data)
- 
-       ret = gnutls_ocsp_resp_verify_direct (resp, signer, &verify, 0);
-       if (ret < 0)
--	error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify_direct: %s",
-+        {
-+	  fprintf (stderr, "gnutls_ocsp_resp_verify_direct: %s",
- 	       gnutls_strerror (ret));
-+	  exit(1);
-+	}
-     }
-   else
--    error (EXIT_FAILURE, 0, "missing --load-trust or --load-signer");
-+    {
-+      fprintf (stderr, "missing --load-trust or --load-signer");
-+      exit(1);
-+    }
- 
-   printf ("Verifying OCSP Response: ");
-   print_ocsp_verify_res (verify);
-_at_@ -334,7 +423,10 @@ verify_response (void)
-   else
-     dat.data = (void*)fread_file (infile, &size);
-   if (dat.data == NULL)
--    error (EXIT_FAILURE, errno, "reading response");
-+    {
-+      fprintf (stderr, "reading response");
-+      exit(1);
-+    }
-   dat.size = size;
-   
-   _verify_response(&dat);
-_at_@ -381,7 +473,10 @@ main (int argc, char **argv)
-   int ret;
- 
-   if ((ret = gnutls_global_init ()) < 0)
--    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf( stderr, "global_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   optionProcess( &ocsptoolOptions, argc, argv);
- 
-_at_@ -392,7 +487,10 @@ main (int argc, char **argv)
-     {
-       outfile = fopen (OPT_ARG(OUTFILE), "wb");
-       if (outfile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
-+        {
-+          fprintf( stderr, "%s", OPT_ARG(OUTFILE));
-+          exit(1);
-+        }
-     }
-   else
-     outfile = stdout;
-_at_@ -401,7 +499,10 @@ main (int argc, char **argv)
-     {
-       infile = fopen (OPT_ARG(INFILE), "rb");
-       if (infile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
-+        {
-+          fprintf( stderr, "%s", OPT_ARG(INFILE));
-+          exit(1);
-+        }
-     }
-   else
-     infile = stdin;
-diff --git a/src/p11tool.c b/src/p11tool.c
-index 924f6bb..19ca1fd 100644
---- a/src/p11tool.c
-+++ b/src/p11tool.c
-_at_@ -39,7 +39,6 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <error.h>
- 
- /* Gnulib portability files. */
- #include <read-file.h>
-_at_@ -97,7 +96,10 @@ cmd_parser (int argc, char **argv)
-     printf ("Setting log level to %d\n", debug);
- 
-   if ((ret = gnutls_global_init ()) < 0)
--    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (HAVE_OPT(PROVIDER))
-     {
-_at_@ -108,8 +110,11 @@ cmd_parser (int argc, char **argv)
-         {
-           ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
-           if (ret < 0)
--            error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
-+            {
-+              fprintf (stderr, "pkcs11_add_provider: %s",
-                    gnutls_strerror (ret));
-+              exit(1);
-+            }
-         }
-     }
-   else
-_at_@ -123,7 +128,10 @@ cmd_parser (int argc, char **argv)
-     {
-       outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
-       if (outfile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
-+        {
-+          fprintf (stderr, "%s", OPT_ARG(OUTFILE));
-+          exit(1);
-+        }
-     }
-   else
-     outfile = stdout;
-diff --git a/src/pkcs11.c b/src/pkcs11.c
-index 9759892..5290f63 100644
---- a/src/pkcs11.c
-+++ b/src/pkcs11.c
-_at_@ -75,7 +75,6 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
-              unsigned int detailed, common_info_st * info)
- {
-   gnutls_pkcs11_obj_t *crt_list;
--  gnutls_x509_crt_t xcrt;
-   unsigned int crt_list_size = 0, i;
-   int ret, otype;
-   char *output;
-diff --git a/src/serv.c b/src/serv.c
-index 5650658..d420cb8 100644
---- a/src/serv.c
-+++ b/src/serv.c
-_at_@ -1216,6 +1216,8 @@ main (int argc, char **argv)
-     udp_server (name, port, mtu);
-   else
-     tcp_server (name, port);
-+  
-+  return 0;
- }
- 
- static void
-diff --git a/src/tpmtool.c b/src/tpmtool.c
-index 0c81d34..9b2168e 100644
---- a/src/tpmtool.c
-+++ b/src/tpmtool.c
-_at_@ -39,7 +39,6 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <error.h>
- 
- /* Gnulib portability files. */
- #include <read-file.h>
-_at_@ -130,13 +129,19 @@ cmd_parser (int argc, char **argv)
-     printf ("Setting log level to %d\n", debug);
- 
-   if ((ret = gnutls_global_init ()) < 0)
--    error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   if (HAVE_OPT(OUTFILE))
-     {
-       outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
-       if (outfile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
-+        {
-+          fprintf (stderr, "%s", OPT_ARG(OUTFILE));
-+          exit(1);
-+        }
-     }
-   else
-     outfile = stdout;
-_at_@ -145,7 +150,10 @@ cmd_parser (int argc, char **argv)
-     {
-       infile = fopen (OPT_ARG(INFILE), "rb");
-       if (infile == NULL)
--        error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
-+        {
-+          fprintf (stderr, "%s", OPT_ARG(INFILE));
-+          exit(1);
-+        }
-     }
-   else
-     infile = stdin;
-_at_@ -210,7 +218,10 @@ static void tpm_generate(FILE* outfile, unsigned int key_type, unsigned int bits
-   free(srk_pass);
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_tpm_privkey_generate: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "gnutls_tpm_privkey_generate: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
- /*  fwrite (pubkey.data, 1, pubkey.size, outfile);
-   fputs ("\n", outfile);*/
-_at_@ -230,7 +241,10 @@ static void tpm_delete(const char* url, FILE* outfile)
-   
-   ret = gnutls_tpm_privkey_delete(url, srk_pass);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_tpm_privkey_delete: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "gnutls_tpm_privkey_delete: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   fprintf (outfile, "Key %s deleted\n", url);
- }
-_at_@ -244,7 +258,10 @@ static void tpm_list(FILE* outfile)
-   
-   ret = gnutls_tpm_get_registered (&list);
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_tpm_get_registered: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "gnutls_tpm_get_registered: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
-     
-   fprintf(outfile, "Available keys:\n");
-   for (i=0;;i++)
-_at_@ -253,7 +270,10 @@ static void tpm_list(FILE* outfile)
-       if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
-         break;
-       else if (ret < 0)
--        error (EXIT_FAILURE, 0, "gnutls_tpm_key_list_get_url: %s", gnutls_strerror (ret));
-+        {
-+          fprintf (stderr, "gnutls_tpm_key_list_get_url: %s", gnutls_strerror (ret));
-+          exit(1);
-+        }
-   
-       fprintf(outfile, "\t%u: %s\n", i, url);
-       gnutls_free(url);
-_at_@ -279,7 +299,10 @@ static void tpm_pubkey(const char* url, FILE* outfile)
-   free(srk_pass);
- 
-   if (ret < 0)
--    error (EXIT_FAILURE, 0, "gnutls_pubkey_import_tpm_url: %s", gnutls_strerror (ret));
-+    {
-+      fprintf (stderr, "gnutls_pubkey_import_tpm_url: %s", gnutls_strerror (ret));
-+      exit(1);
-+    }
- 
-   _pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey);
- 
--- 
-1.7.1
-
diff --git a/main/gnutls/libgmp.patch b/main/gnutls/libgmp.patch
deleted file mode 100644
index c6e2617..0000000
--- a/main/gnutls/libgmp.patch
+++ /dev/null
_at_@ -1,11 +0,0 @@
---- ./lib/nettle/Makefile.in.orig	2013-06-10 17:39:26.019517541 +0000
-+++ ./lib/nettle/Makefile.in	2013-06-10 17:39:38.629643690 +0000
-_at_@ -214,7 +214,7 @@
- CONFIG_CLEAN_FILES =
- CONFIG_CLEAN_VPATH_FILES =
- LTLIBRARIES = $(noinst_LTLIBRARIES)
--libcrypto_la_LIBADD =
-+libcrypto_la_LIBADD = -lgmp
- am_libcrypto_la_OBJECTS = pk.lo mpi.lo mac.lo cipher.lo rnd.lo init.lo \
- 	egd.lo
- libcrypto_la_OBJECTS = $(am_libcrypto_la_OBJECTS)
-- 
2.10.0
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Sun Sep 11 2016 - 15:38:03 GMT