=pod

=for comment
Original text by James Westby, contributed under the OpenSSL license.

=head1 NAME

c_rehash - Create symbolic links to files named by the hash values

=head1 SYNOPSIS

B<c_rehash>
B<[-old]>
B<[-h]>
B<[-n]>
B<[-v]>
[ I<directory>...]

=head1 DESCRIPTION

B<c_rehash> scans directories and calculates a hash value of each
C<.pem>, C<.crt>, C<.cer>, or C<.crl>
file in the specified directory list and creates symbolic links
for each file, where the name of the link is the hash value.
(If the platform does not support symbolic links, a copy is made.)
This utility is useful as many programs that use OpenSSL require
directories to be set up like this in order to find certificates.

If any directories are named on the command line, then those are
processed in turn. If not, then the B<SSL_CERT_DIR> environment variable
is consulted; this should be a colon-separated list of directories,
like the Unix B<PATH> variable.
If that is not set then the default directory (installation-specific
but often B</usr/local/ssl/certs>) is processed.

In order for a directory to be processed, the user must have write
permissions on that directory, otherwise it will be skipped.
The links created are of the form C<HHHHHHHH.D>, where each B<H>
is a hexadecimal character and B<D> is a single decimal digit.
When processing a directory, B<c_rehash> will first remove all links
that have a name in that syntax. If you have links in that format
used for other purposes, they will be removed.
To skip the removal step, use the B<-n> flag.
Hashes for CRLs look similar except the letter B<r> appears after
the period, like this: C<HHHHHHHH.rD>.

Multiple objects may have the same hash; they will be indicated by
incrementing the B<D> value. Duplicates are found by comparing the
full SHA-1 fingerprint. A warning will be displayed if a duplicate
is found.

A warning will also be displayed if there are files that
cannot be parsed as either a certificate or a CRL.

The program uses the B<openssl> program to compute the hashes and
fingerprints. If not found in the user's B<PATH>, then set the
B<OPENSSL> environment variable to the full pathname.
Any program can be used; it will be invoked as follows for either
a certificate or CRL:

 $OPENSSL x509 -hash -fingerprint -noout -in FILENAME
 $OPENSSL crl -hash -fingerprint -noout -in FILENAME

where B<FILENAME> is the filename. It must output the hash of the
file on the first line, and the fingerprint on the second,
optionally prefixed with some text and an equals sign.

=head1 OPTIONS

=over 4

=item B<-old>

Use old-style hashing (MD5, as opposed to SHA-1) for generating
links for releases before 1.0.0. Note that current versions will
not use the old style.

=item B<-h>

Display a brief usage message.

=item B<-n>

Do not remove existing links.
This is needed when keeping new and old-style links in the same directory.

=item B<-v>

Print messages about old links removed and new links created.
By default, B<c_rehash> only lists each directory as it is processed.

=back

=head1 ENVIRONMENT

=over

=item B<OPENSSL>

The path to an executable to use to generate hashes and
fingerprints (see above).

=item B<SSL_CERT_DIR>

Colon-separated list of directories to operate on.
Ignored if directories are listed on the command line.

=back

=head1 SEE ALSO

L<openssl(1)|openssl(1)>,
L<crl(1)|crl(1)>,
L<x509(1)|x509(1)>.
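
The link-naming rules from the DESCRIPTION, as an added example (not c_rehash's own code): it parses the two-line helper output, assigns HHHHHHHH.D and HHHHHHHH.rD names with D incremented on hash collisions, flags duplicates by fingerprint, and lists which existing names fall in the syntax the removal step targets. The function names and the sample outputs are hypothetical and constructed for illustration; skipping the link for a duplicate is an assumption of this example.

```python
import re

# Link names in the syntax the removal step targets: eight hex characters,
# a period, an optional "r" (CRL), and a single decimal digit.
LINK_RE = re.compile(r"[0-9a-fA-F]{8}\.r?[0-9]")

def would_be_removed(names):
    """Names a rehash run without -n would treat as old links."""
    return [n for n in names if LINK_RE.fullmatch(n)]

def parse_helper_output(text):
    """Hash on line 1; fingerprint on line 2, optional 'text=' prefix."""
    lines = text.strip().splitlines()
    if len(lines) < 2:
        raise ValueError("expected a hash line and a fingerprint line")
    return lines[0].strip().lower(), lines[1].split("=", 1)[-1].strip().upper()

def assign_links(entries):
    """entries: (filename, is_crl, helper_output) tuples, in scan order.
    Returns ({link_name: filename}, [warning, ...])."""
    links, warnings, seen = {}, [], {}
    for filename, is_crl, output in entries:
        try:
            digest, fingerprint = parse_helper_output(output)
        except ValueError:
            warnings.append(f"{filename}: not a certificate or CRL")
            continue
        known = seen.setdefault((is_crl, digest), [])
        if fingerprint in known:
            # Assumption of this example: a duplicate gets a warning, no link.
            warnings.append(f"{filename}: duplicate fingerprint")
            continue
        # Same hash, different object: increment D.
        links[f"{digest}.{'r' if is_crl else ''}{len(known)}"] = filename
        known.append(fingerprint)
    return links, warnings

# Constructed helper outputs (shortened fingerprints, not real certificates).
SAMPLE = [
    ("ca-a.pem", False, "1a2b3c4d\nSHA1 Fingerprint=AA:01\n"),
    ("ca-b.crt", False, "1a2b3c4d\nSHA1 Fingerprint=BB:02\n"),
    ("ca-a-copy.cer", False, "1a2b3c4d\nSHA1 Fingerprint=AA:01\n"),
    ("ca-a.crl", True, "1a2b3c4d\nSHA1 Fingerprint=CC:03\n"),
    ("notes.pem", False, "unable to load certificate\n"),
]

if __name__ == "__main__":
    print(assign_links(SAMPLE))
    print(would_be_removed(["deadbeef.0", "deadbeef.r3", "ca-a.pem"]))
```

Running `would_be_removed` over a directory listing before a rehash shows which unrelated files share the link syntax and would need the B<-n> flag to survive.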