@@ -6248,6 +6248,7 @@ add_option (struct options *options,

 	}

 #endif

     }

+#ifdef USE_POLARSSL

   else if (streq (p[0], "pkcs12") && p[1])

     {

       VERIFY_PERMISSION (OPT_P_GENERAL);

@@ -6259,6 +6260,7 @@ add_option (struct options *options,

 	}

 #endif

     }

+#endif /* USE_POLARSSL */

   else if (streq (p[0], "askpass"))

     {

       VERIFY_PERMISSION (OPT_P_GENERAL);

@@ -6320,11 +6322,13 @@ add_option (struct options *options,

       warn_multiple_script (options->tls_verify, "tls-verify");

       options->tls_verify = string_substitute (p[1], ',', ' ', &options->gc);

     }

+#ifndef USE_POLARSSL

   else if (streq (p[0], "tls-export-cert") && p[1])

     {

       VERIFY_PERMISSION (OPT_P_GENERAL);

       options->tls_export_cert = p[1];

     }

+#endif

   else if (streq (p[0], "tls-remote") && p[1])

     {

       VERIFY_PERMISSION (OPT_P_GENERAL);

@@ -464,6 +464,34 @@ verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es,

   return 0;

 }

+static const char *

+verify_cert_export_cert(x509_cert_t *peercert, const char *tmp_dir, struct gc_arena *gc)

+{

+  FILE *peercert_file;

+  const char *peercert_filename="";

+

+  if(!tmp_dir)

+      return NULL;

+

+  /* create tmp file to store peer cert */

+  peercert_filename = create_temp_file (tmp_dir, "pcf", gc);

+

+  /* write peer-cert in tmp-file */

+  peercert_file = fopen(peercert_filename, "w+");

+  if(!peercert_file)

+    {

+      msg (M_ERR, "Failed to open temporary file : %s", peercert_filename);

+      return NULL;

+    }

+

+  if (x509_write_pem(peercert_file, peercert))

+      msg (M_ERR, "Error writing PEM file containing certificate");

+

+  fclose(peercert_file);

+  return peercert_filename;

+}

+

+

 /*

  * run --tls-verify script

  */

@@ -481,7 +509,7 @@ verify_cert_call_command(const char *verify_command, struct env_set *es,

   if (verify_export_cert)

     {

       gc = gc_new();

-      if ((tmp_file=x509_write_cert(cert, verify_export_cert,&gc)))

+      if ((tmp_file=verify_cert_export_cert(cert, verify_export_cert, &gc)))

        {

          setenv_str(es, "peer_cert", tmp_file);

        }

@@ -98,7 +98,6 @@ void x509_free_subject (char *subject);

  *

  * @return 		a string containing the SHA1 hash of the certificate

  */

-

 unsigned char *x509_get_sha1_hash (x509_cert_t *cert);

 /*

@@ -247,8 +246,7 @@ bool x509_verify_cert_eku (x509_cert_t *x509, const char * const expected_oid);

  * @param tmp_dir	Temporary directory to store the directory

  * @param gc		gc_arena to store temporary objects in

  */

-const char *x509_write_cert(x509_cert_t *cert, const char *tmp_dir,

-    struct gc_arena *gc);

+bool x509_write_pem(FILE *peercert_file, x509_cert_t *peercert);

 /*

  * Check the certificate against a CRL file.

@@ -515,34 +515,15 @@ x509_verify_cert_eku (X509 *x509, const char * const expected_oid)

   return fFound;

 }

-const char *

-x509_write_cert(X509 *peercert, const char *tmp_dir, struct gc_arena *gc)

+bool

+x509_write_pem(FILE *peercert_file, X509 *peercert)

 {

-  FILE *peercert_file;

-  const char *peercert_filename="";

-

-  if(!tmp_dir)

-      return NULL;

-

-  /* create tmp file to store peer cert */

-  peercert_filename = create_temp_file (tmp_dir, "pcf", gc);

-

-  /* write peer-cert in tmp-file */

-  peercert_file = fopen(peercert_filename, "w+");

-  if(!peercert_file)

-    {

-      msg (M_ERR, "Failed to open temporary file : %s", peercert_filename);

-      return NULL;

-    }

-  if(PEM_write_X509(peercert_file,peercert)<0)

+  if (PEM_write_X509(peercert_file, peercert) < 0)

     {

       msg (M_ERR, "Failed to write peer certificate in PEM format");

-      fclose(peercert_file);

-      return NULL;

+      return true;

     }

-

-  fclose(peercert_file);

-  return peercert_filename;

+  return false;

 }

 #endif /* OPENSSL_VERSION_NUMBER */

@@ -372,35 +372,11 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)

     return fFound;

 }

-const char *

-x509_write_cert(x509_cert *peercert, const char *tmp_dir, struct gc_arena *gc)

+bool

+x509_write_pem(FILE *peercert_file, x509_cert *peercert)

 {

-  FILE *peercert_file;

-  const char *peercert_filename="";

-

-  if(!tmp_dir)

-      return NULL;

-

-  /* create tmp file to store peer cert */

-  peercert_filename = create_temp_file (tmp_dir, "pcf", gc);

-

-  /* write peer-cert in tmp-file */

-  peercert_file = fopen(peercert_filename, "w+");

-  if(!peercert_file)

-    {

-      msg (M_ERR, "Failed to open temporary file : %s", peercert_filename);

-      return NULL;

-    }

-

-//  if(PEM_write_X509(peercert_file,peercert)<0)

-//    {

-      msg (M_ERR, "PolarSSL does not support writing peer certificate in PEM format");

-      fclose(peercert_file);

-      return NULL;

-//    }

-

-  fclose(peercert_file);

-  return peercert_filename;

+    msg (M_WARN, "PolarSSL does not support writing peer certificate in PEM format");

+    return true;

 }

 /*