=pod

=for comment
Original text by James Westby, contributed under the OpenSSL license.

=head1 NAME

c_rehash - Create symbolic links to files named by the hash values

=head1 SYNOPSIS

B<c_rehash>
[ I<directory>...]

=head1 DESCRIPTION

B<c_rehash> scans directories and calculates a hash value of each C<.pem>
file in the specified directory list and creates symbolic links
for each file, where the name of the link is the hash value.
This utility is useful as many programs that use OpenSSL require
directories to be set up like this in order to find certificates.

If any directories are named on the command line, then those are
processed in turn. If not, then the B<SSL_CERT_DIR> environment variable
is consulted; this should be a colon-separated list of directories,
like the Unix B<PATH> variable.
If that is not set then the default directory (installation-specific
but often B</usr/local/ssl/certs>) is processed.

In order for a directory to be processed, the user must have write
permissions on that directory, otherwise it will be skipped.
The links created are of the form C<HHHHHHHH.D>, where each B<H>
is a hexadecimal character and B<D> is a single decimal digit.
When processing a directory, B<c_rehash> will first remove all links
that have a name in that syntax. If you have links in that format
used for other purposes, they will be removed.
Hashes for CRLs look similar except the letter B<r> appears after
the period, like this: C<HHHHHHHH.rD>.

Multiple objects may have the same hash; they will be indicated by
incrementing the B<D> value. Duplicates are found by comparing the
full SHA-1 fingerprint. A warning will be displayed if a duplicate
is found.

A warning will also be displayed if there are B<.pem> files that
cannot be parsed as either a certificate or a CRL.

The program uses the B<openssl> program to compute the hashes and
fingerprints. If not found in the user's B<PATH>, then set the
B<OPENSSL> environment variable to the full pathname.
Any program can be used; it will be invoked as follows for either
a certificate or CRL:

 $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF
 $OPENSSL crl -hash -fingerprint -noout -in FFFFFF

where B<FFFFFF> is the filename. It must output the hash of the
file on the first line, and the fingerprint on the second,
optionally prefixed with some text and an equals sign.

=head1 ENVIRONMENT

=over

=item B<OPENSSL>

The path to an executable to use to generate hashes and
fingerprints (see above).

=item B<SSL_CERT_DIR>

Colon-separated list of directories to operate on.
Ignored if directories are listed on the command line.

=back

=head1 SEE ALSO

L<openssl(1)|openssl(1)>,
L<crl(1)|crl(1)>,
L<x509(1)|x509(1)>.
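
=head1 EXAMPLE

The link naming and the two-line output contract described under DESCRIPTION, modelled as a dry run that touches no files. This is an added example, not part of B<c_rehash> or the OpenSSL distribution; the function names, the constructed sample output and the handling of duplicates (a warning and no link) are assumptions of the sketch.

```python
import re

# Names removed before relinking: HHHHHHHH.D or HHHHHHHH.rD (upper-case hex accepted here by assumption).
LINK_RE = re.compile(r"[0-9a-fA-F]{8}\.r?[0-9]")

def parse_tool_output(text):
    """Apply the output contract: hash on line 1, fingerprint on line 2."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or not re.fullmatch(r"[0-9a-fA-F]{8}", lines[0]):
        raise ValueError("expected an 8-digit hash line, then a fingerprint line")
    # The fingerprint may be prefixed with some text and an equals sign.
    fingerprint = lines[1].split("=", 1)[-1].replace(":", "").upper()
    return lines[0].lower(), fingerprint

def plan_links(entries):
    """entries: (filename, is_crl, tool_output) tuples; returns (links, warnings)."""
    links, warnings, seen = {}, [], {}
    for filename, is_crl, output in entries:
        try:
            digest, fingerprint = parse_tool_output(output)
        except ValueError as exc:
            warnings.append(f"{filename}: not parsable ({exc})")
            continue
        prints = seen.setdefault((digest, is_crl), [])
        if fingerprint in prints:
            # Assumption: a duplicate gets a warning and no link of its own.
            warnings.append(f"{filename}: duplicate fingerprint")
        elif len(prints) > 9:
            warnings.append(f"{filename}: no single-digit suffix left")
        else:
            links[f"{digest}.{'r' if is_crl else ''}{len(prints)}"] = filename
            prints.append(fingerprint)
    return links, warnings

def links_to_be_removed(names):
    """Directory entries whose names match the link syntax."""
    return sorted(n for n in names if LINK_RE.fullmatch(n))

# Constructed tool output (not real certificates or fingerprints).
SAMPLE = [
    ("a.pem", False, "9d66eef0\nSHA1 Fingerprint=AA:BB\n"),
    ("b.pem", False, "9d66eef0\nSHA1 Fingerprint=CC:DD\n"),
    ("a-copy.pem", False, "9d66eef0\nSHA1 Fingerprint=AA:BB\n"),
    ("list.pem", True, "9d66eef0\nAABBCC\n"),
    ("junk.pem", False, "unable to load certificate\n"),
]

if __name__ == "__main__":
    print(plan_links(SAMPLE), links_to_be_removed(["9d66eef0.0", "cafebabe.5", "ca.pem"]))
```

Running C<links_to_be_removed> over a directory listing before invoking B<c_rehash> shows which existing entries share the link syntax and would therefore be deleted.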