diff --git a/hooks/post-commit b/hooks/post-commit
index cd60344..f1b5bc0 100644
--- a/hooks/post-commit
+++ b/hooks/post-commit
@@ -105,6 +105,7 @@ retrieve_crl_for_most_recent_parent_timestamps() {
     local PARENTS=$(git cat-file -p "$COMMIT_HASH" | awk '/^$/{exit} /parent/ {print}' | sed 's/parent //')
     local RETURN_VAL=0
     if [ ! -z "$PARENTS" ]; then
+        local PARENT_HASH
         while read PARENT_HASH; do
             if ! retrieve_crl_for_most_recent_parent_timestamps "$PARENT_HASH"; then
                 RETURN_VAL=1
@@ -115,7 +116,7 @@ retrieve_crl_for_most_recent_parent_timestamps() {
     fi
 
     #iterate over extracted token and download CRL data
-    for (( i=0; i<"$NUM_EXTRACTED"; i++)); do
+    for ((i=0; i<"$NUM_EXTRACTED"; i++)); do
         local TOKEN_FILE="${TOKEN_ARRAY[$i]}"
         local TSA_URL="${URL_ARRAY[$i]}"
         local DIGEST
@@ -159,14 +160,15 @@ fi
 
 DIGEST_TO_TIMESTAMP=''
-for ((i=0; i<2; i++)); do
-
+for ((i=0; i<3; i++)); do
     #add all ltv files
-    ls "$TMP_LTV_DIR"/*/* | while read SOURCE_FILE; do
-        TARGET_FILE="$LTV_DIR"${SOURCE_FILE#"$TMP_LTV_DIR"}
-        cp -f "$SOURCE_FILE" "$TARGET_FILE"
-        git add "$TARGET_FILE"
-    done
+    if ls "$TMP_LTV_DIR"/*/* &> "$OUT_STREAM"; then
+        ls "$TMP_LTV_DIR"/*/* | while read SOURCE_FILE; do
+            TARGET_FILE="$LTV_DIR"${SOURCE_FILE#"$TMP_LTV_DIR"}
+            cp -f "$SOURCE_FILE" "$TARGET_FILE"
+            git add "$TARGET_FILE"
+        done
+    fi
 
     TREE_HASH=$(git write-tree)
     declare PREIMAGE
@@ -179,7 +181,11 @@ for ((i=0; i<2; i++)); do
     fi
 
     #assert that this line is never reached in the second loop
-    assert "[ $i -eq 0 ]" "in second iteration there must be no new LTV data."
+    assert "[ $i -lt 2 ]" "after second iteration there must be no new LTV data."
+
+    if [ $i -eq 1 ]; then
+        echo_info "New LTV data has been added, need to request token again."
+    fi
 
     DIGEST_TO_TIMESTAMP="$NEW_DIGEST_TO_TIMESTAMP"
 
@@ -212,6 +218,7 @@ for ((i=0; i<2; i++)); do
             continue
         fi
     fi
+
     #validate token and download LTV data
     if ! verify_token_and_add_ltv_data "$TOKEN_FILE" "$DIGEST_TO_TIMESTAMP" "$TSA_URL"; then
         if [ ! "$TOKEN_OPTIONAL" ]; then
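Review bot: `while read PARENT_HASH` (the line right after the new `local`) reads without `-r`, and the `local PARENTS=$(git cat-file ...)` declaration above it masks git's exit status, so a parent object that cannot be read yields an empty PARENTS and the ancestor walk is simply skipped, exactly as for a root commit, with CRL retrieval for that history silently omitted. Split the declaration so the failure is visible, `local PARENTS; PARENTS=$(git cat-file -p "$COMMIT_HASH" | awk '/^$/{exit} /parent/ {print}' | sed 's/parent //') || return 1` (with `pipefail`, or a PIPESTATUS check, so git's own failure counts), and use `while read -r PARENT_HASH; do`. The commit makes PARENT_HASH local because this function recurses; the loop counter `i` it uses further down (next hunk) would deserve the same `local -i i` the commit adds in hooks/timestamping. The function body continues outside the hunk.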
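Review bot: The new `ls "$TMP_LTV_DIR"/*/* | while read SOURCE_FILE` loop, and the `if ls` guard put in front of it, still parse ls output, read without `-r`, and run `cp` and `git add` inside a pipeline subshell where their exit status is dropped, so a failed `git add` leaves LTV data out of the tree that `git write-tree` then hashes and sends for timestamping. A glob loop with an existence check replaces both the guard and the pipe and lets each failure stop the hook (use whichever error path the hook uses elsewhere in place of the bare `exit 1`). The loop body after `declare PREIMAGE` continues outside the hunk.
```shell
    #add all ltv files (glob, not ls: no word splitting, and the loop runs in this shell so failures are seen)
    for SOURCE_FILE in "$TMP_LTV_DIR"/*/*; do
        [ -e "$SOURCE_FILE" ] || continue   # unmatched glob: no new LTV data this round
        TARGET_FILE="$LTV_DIR"${SOURCE_FILE#"$TMP_LTV_DIR"}
        cp -f "$SOURCE_FILE" "$TARGET_FILE" || exit 1
        git add "$TARGET_FILE" || exit 1
    done
    # … unchanged: TREE_HASH=$(git write-tree) and the PREIMAGE handling …
```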
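Review bot: The comment `#assert that this line is never reached in the second loop` is now stale: with the loop bound raised to 3 and the check changed to `[ $i -lt 2 ]`, this line is legitimately reached in the second iteration (i=1, the case the new `echo_info` branch reports) and must only be unreachable in the third. Reword it to `#assert that this line is never reached in the third iteration (i=2): the second round must have added all LTV data`. As a point of style, `(( i < 2 ))` and `(( i == 1 ))` match the arithmetic `for ((…))` header better than `[ $i -lt 2 ]` and `[ $i -eq 1 ]` with an unquoted `$i`. The loop body continues outside the hunk.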
@@ -222,6 +229,7 @@ for ((i=0; i<2; i++)); do
             continue
         fi
     fi
+
     #add token to commit message
     openssl ts -reply -token_in -in "$TOKEN_FILE" -token_out -text -out "$TMP_DIR"/token.txt &> "$OUT_STREAM"
     #do not remove or change Info line (see license)
diff --git a/hooks/timestamping b/hooks/timestamping
index 770375e..30daeda 100644
--- a/hooks/timestamping
+++ b/hooks/timestamping
@@ -100,6 +100,7 @@ assert() {
         MESSAGE="$CONDITION"
     fi
     local -r STACK_DEPTH=${#BASH_SOURCE[@]}
+    local -i i
     local -r BACKTRACE="for ((i=1; i<$STACK_DEPTH; i++)); do echo_error "\"' [$i]: ${BASH_SOURCE[$i]} : ${FUNCNAME[$i]} line ${BASH_LINENO[$i-1]}'\"" done"
@@ -214,6 +215,7 @@ extract_token_from_commit() {
     local -r TMP_DER="$TMP_DIR"/extracted_token.der
     local -i IDX=0;
+    local -i i
     for (( i=1; i<=$NUM_EXTRACTED; i++ )); do
         local EXTRACTED_PEM_FILE="$TMP_DIR"/"$i".extracted_token.pem
         local EXTRACTED_TOKEN="$TOKEN_DIR"/"$IDX".extracted_token.tst
@@ -421,6 +423,7 @@ build_certificate_chain_for_token() {
     get_tsa_cert_id "$TOKEN_FILE" SIGNING_CERT_ID
     local CERT_ID_HASH_ALGO=""
     get_cert_id_hash_agorithm "$TOKEN_FILE" CERT_ID_HASH_ALGO
+    local -i i
     for i in {1..10} ;do
         #request dummy token. Use current commit digest
         request_token "$TSA_URL" "$DIGEST" true "$DUMMY_TOKEN"
@@ -438,6 +441,7 @@ build_certificate_chain_for_token() {
         { print > tmpdir i ".extracted.pem.cer" }' tmpdir="$TMP_DIR/"
 
     #find cetificate that signed token
+    local EXTRACTED_CERT
     while read EXTRACTED_CERT; do
         local CERT_ID=$(openssl x509 -inform PEM -in "$EXTRACTED_CERT" -outform DER | openssl dgst -"$CERT_ID_HASH_ALGO" -binary | xxd -p -c 256)
         #if openssl ts -verify -digest "$DIGEST" -in "$TOKEN_FILE" -token_in -partial_chain -CAfile "$EXTRACTED_CERT" &> "$OUT_STREAM"; then
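Review bot: The new `local -i i` in assert() carries no comment saying why it is needed, and the reason is not obvious from the line itself: `i` is the loop variable of the BACKTRACE code string built on the next line, which is presumably executed later in the function (outside this hunk), so without the `local` a failing assert would clobber the caller's `i`. Add `# loop variable of the BACKTRACE snippet executed below; keep it local so a caller's i is not clobbered` above it. The rest of assert() lies outside the hunk.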
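Review bot: `for (( i=1; i<=$NUM_EXTRACTED; i++ )); do` keeps the `$` inside the arithmetic header and the spaced `(( … ))` form that this same commit normalizes in hooks/post-commit, and `local -i IDX=0;` carries a stray semicolon; change them to `local -i IDX=0` and `for ((i=1; i<=NUM_EXTRACTED; i++)); do`. Dropping the `$` also turns an unset NUM_EXTRACTED into a clean arithmetic evaluation (read as 0) instead of an `operand expected` syntax error. The loop body continues outside the hunk.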
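Review bot: `for i in {1..10} ;do` should be `for i in {1..10}; do`, and the bound 10 is an undocumented magic number: each iteration sends a dummy token request to `$TSA_URL` (a real network request to the TSA), apparently repeated until a response carries the signing certificate, so a reader needs to know what the bound trades off. Add `# up to 10 dummy requests: the TSA response may not carry the signing cert; bounded so a misbehaving TSA cannot loop forever` above the loop, adjusted if the actual reason differs. The loop body continues outside the hunk.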
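Review bot: `while read EXTRACTED_CERT` (right after the new `local`) reads without `-r`, and `local CERT_ID=$(openssl x509 … | openssl dgst … | xxd …)` masks the pipeline's exit status, so a certificate file openssl rejects produces an empty CERT_ID that is then compared as if it were a digest. Use `while read -r EXTRACTED_CERT; do` and split the assignment, `local CERT_ID; CERT_ID=$(openssl x509 -inform PEM -in "$EXTRACTED_CERT" -outform DER | openssl dgst -"$CERT_ID_HASH_ALGO" -binary | xxd -p -c 256) || { echo_error "cannot hash $EXTRACTED_CERT"; return 1; }` (or whatever failure path this function uses), so a bad extracted certificate fails the chain build rather than being skipped silently. Where the loop's input comes from is outside the hunk.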
@@ -471,6 +475,7 @@ build_certificate_chain_for_token() {
 
     #otherwise try to find in trust store
     if ls "$CA_PATH"/*.0 &> "$OUT_STREAM"; then
+        local TRUSTED_CERT
         while read TRUSTED_CERT; do
             if openssl verify -partial_chain -CAfile "$TRUSTED_CERT" "${CHAIN[-1]}" &> "$OUT_STREAM"; then
                 CHAIN+=("$TRUSTED_CERT")
@@ -505,6 +510,7 @@ build_certificate_chain_for_token() {
     done
 
     echo -n > "$OUT_CERT_FILE"
+    local CERT
     for CERT in "${CHAIN[@]}"; do
         openssl x509 -in "$CERT" -noout -subject >> "$OUT_CERT_FILE"
         echo '' >> "$OUT_CERT_FILE"
@@ -541,6 +547,7 @@ download_crls_for_chain() {
     assert "[ $NUM_EXTRACTED -gt 0 ]" "Precondition: Certificate file $CERT_FILE must contain at least one certificate in PEM format."
 
     #iterate over certificates. Ignore self-signed certificates
+    local EXTRACTED_CERT
     ls "$TMP_DIR"/*.extracted.pem.cer | while read EXTRACTED_CERT; do
         if ! openssl verify -CAfile "$EXTRACTED_CERT" "$EXTRACTED_CERT" &> "$OUT_STREAM"; then
            local URL=$(openssl x509 -inform PEM -in $EXTRACTED_CERT -text -noout \
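Review bot: `ls "$CA_PATH"/*.0` only considers the first hashed entry per subject name; `openssl rehash`/`c_rehash` write `<hash>.1`, `<hash>.2`, … when several trust-store certificates share a subject hash (renewed or cross-signed roots), so a chain whose last element is signed by one of those is never anchored here and the lookup fails for a root that is in fact trusted. Iterate over the files directly, `for TRUSTED_CERT in "$CA_PATH"/*.[0-9]*; do [ -e "$TRUSTED_CERT" ] || continue`, which also removes the ls guard and ls parsing and, if the loop is currently fed by a pipe (its input redirection is outside the hunk), keeps the `CHAIN+=` append in the current shell. The loop body continues outside the hunk.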
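Review bot: `openssl x509 -in "$CERT" -noout -subject >> "$OUT_CERT_FILE"` has its exit status ignored, so a chain element openssl cannot parse leaves a gap in OUT_CERT_FILE with no signal to the caller; `openssl x509 -in "$CERT" -noout -subject >> "$OUT_CERT_FILE" || return 1` (or the hook's usual error path) keeps the file honest. As a point of style, `echo -n > "$OUT_CERT_FILE"` is more clearly written as the truncation idiom `: > "$OUT_CERT_FILE"`. The loop body continues outside the hunk.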
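Review bot: The new `local EXTRACTED_CERT` has no effect on the loop it precedes, because `ls … | while read EXTRACTED_CERT` runs the loop body in a pipeline subshell, where any state the body sets is lost as well; separately, `-in $EXTRACTED_CERT` on the last line is the only unquoted path in the hunk, so a TMP_DIR containing whitespace breaks it. Replace the pipe with `for EXTRACTED_CERT in "$TMP_DIR"/*.extracted.pem.cer; do` and quote `-in "$EXTRACTED_CERT"`. The loop body, including the continued `local URL=` pipeline, runs past the end of the hunk.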