diff options
author | Matthias Andree <matthias.andree@gmx.de> | 2014-09-07 18:45:02 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2014-09-08 11:35:25 -0400 |
commit | ef720a67ab8469e009c41714aeff9a34242aa380 (patch) | |
tree | 4cf0ea2ba51d4c5b9c9ea5b8133e46b6968904ee /doc/apps/c_rehash.pod | |
parent | f28c48d07ea763584e44296650f03fb4e8c28046 (diff) |
RT2272: Add old-style hash to c_rehash
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a787c2590e468585a1a19738e0c7f481ec91b762)
Diffstat (limited to 'doc/apps/c_rehash.pod')
-rw-r--r-- | doc/apps/c_rehash.pod | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/doc/apps/c_rehash.pod b/doc/apps/c_rehash.pod index 9f2a15b736..ccce29e47b 100644 --- a/doc/apps/c_rehash.pod +++ b/doc/apps/c_rehash.pod @@ -10,6 +10,10 @@ c_rehash - Create symbolic links to files named by the hash values =head1 SYNOPSIS B<c_rehash> +B<[-old]> +B<[-h]> +B<[-n]> +B<[-v]> [ I<directory>...] =head1 DESCRIPTION @@ -18,6 +22,7 @@ B<c_rehash> scans directories and calculates a hash value of each C<.pem>, C<.crt>, C<.cer>, or C<.crl> file in the specified directory list and creates symbolic links for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) This utility is useful as many programs that use OpenSSL require directories to be set up like this in order to find certificates. @@ -35,6 +40,7 @@ is a hexadecimal character and B<D> is a single decimal digit. When processing a directory, B<c_rehash> will first remove all links that have a name in that syntax. If you have links in that format used for other purposes, they will be removed. +To skip the removal step, use the B<-n> flag. Hashes for CRL's look similar except the letter B<r> appears after the period, like this: C<HHHHHHHH.rD>. @@ -52,13 +58,39 @@ B<OPENSSL> environment variable to the full pathname. Any program can be used, it will be invoked as follows for either a certificate or CRL: - $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF - $OPENSSL crl -hash -fingerprint -noout -in FFFFFF + $OPENSSL x509 -hash -fingerprint -noout -in FILENAME + $OPENSSL crl -hash -fingerprint -noout -in FILENAME -where B<FFFFFF> is the filename. It must output the hash of the +where B<FILENAME> is the filename. It must output the hash of the file on the first line, and the fingerprint on the second, optionally prefixed with some text and an equals sign. +=head1 OPTIONS + +=over 4 + +=item B<-old> + +Use old-style hashing (MD5, as opposed to SHA-1) for generating +links for releases before 1.0.0. Note that current versions will +not use the old style. + +=item B<-h> + +Display a brief usage message. + +=item B<-n> + +Do not remove existing links. +This is needed when keeping new and old-style links in the same directory. + +=item B<-v> + +Print messages about old links removed and new links created. +By default, B<c_rehash> only lists each directory as it is processed. + +=back + =head1 ENVIRONMENT =over |