From cf2239b3b397174a8a6b1cc84ff68aba34ed5941 Mon Sep 17 00:00:00 2001 From: James Westby Date: Thu, 14 Aug 2014 10:14:35 -0400 Subject: [PATCH] RT1941: c_rehash.pod is missing Add the file written by James Westby, graciously contributed under the terms of the OpenSSL license. Reviewed-by: Andy Polyakov --- doc/apps/c_rehash.pod | 81 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 doc/apps/c_rehash.pod diff --git a/doc/apps/c_rehash.pod b/doc/apps/c_rehash.pod new file mode 100644 index 0000000000..c564e86315 --- /dev/null +++ b/doc/apps/c_rehash.pod @@ -0,0 +1,81 @@ +=pod + +=for comment +Original text by James Westby, contributed under the OpenSSL license. + +=head1 NAME + +c_rehash - Create symbolic links to files named by the hash values + +=head1 SYNOPSIS + +B +[ I...] + +=head1 DESCRIPTION + +B scans directories and calculates a hash value of each C<.pem> +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. + +If any directories are named on the command line, then those are +processed in turn. If not, then the B environment variable +is consulted; this shold be a colon-separated list of directories, +like the Unix B variable. +If that is not set then the default directory (installation-specific +but often B) is processed. + +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise it will be skipped. +The links created are of the form C, where each B +is a hexadecimal character and B is a single decimal digit. +When processing a directory, B will first remove all links +that have a name in that syntax. If you have links in that format +used for other purposes, they will be removed. +Hashes for CRL's look similar except the letter B appears after +the period, like this: C. + +Multiple objects may have the same hash; they will be indicated by +incrementing the B value. Duplicates are found by comparing the +full SHA-1 fingerprint. A warning will be displayed if a duplicate +is found. + +A warning will also be displayed if there are B<.pem> files that +cannot be parsed as either a certificate or a CRL. + +The program uses the B program to compute the hashes and +fingerprints. If not found in the user's B, then set the +B environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or CRL: + + $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF + $OPENSSL crl -hash -fingerprint -noout -in FFFFFF + +where B is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. + +=head1 ENVIRONMENT + +=over + +=item B + +The path to an executable to use to generate hashes and +fingerprints (see above). + +=item B + +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. + +=back + +=head1 SEE ALSO + +L, +L. +L. -- 2.25.1