From ef720a67ab8469e009c41714aeff9a34242aa380 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 7 Sep 2014 18:45:02 -0400 Subject: RT2272: Add old-style hash to c_rehash In addition to Matthias's change, I also added -n to not remove links. And updated the manpage. Reviewed-by: Tim Hudson (cherry picked from commit a787c2590e468585a1a19738e0c7f481ec91b762) --- doc/apps/c_rehash.pod | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/apps/c_rehash.pod b/doc/apps/c_rehash.pod index 9f2a15b736..ccce29e47b 100644 --- a/doc/apps/c_rehash.pod +++ b/doc/apps/c_rehash.pod @@ -10,6 +10,10 @@ c_rehash - Create symbolic links to files named by the hash values =head1 SYNOPSIS B +B<[-old]> +B<[-h]> +B<[-n]> +B<[-v]> [ I...] =head1 DESCRIPTION @@ -18,6 +22,7 @@ B scans directories and calculates a hash value of each C<.pem>, C<.crt>, C<.cer>, or C<.crl> file in the specified directory list and creates symbolic links for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) This utility is useful as many programs that use OpenSSL require directories to be set up like this in order to find certificates. @@ -35,6 +40,7 @@ is a hexadecimal character and B is a single decimal digit. When processing a directory, B will first remove all links that have a name in that syntax. If you have links in that format used for other purposes, they will be removed. +To skip the removal step, use the B<-n> flag. Hashes for CRL's look similar except the letter B appears after the period, like this: C. @@ -52,13 +58,39 @@ B environment variable to the full pathname. Any program can be used, it will be invoked as follows for either a certificate or CRL: - $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF - $OPENSSL crl -hash -fingerprint -noout -in FFFFFF + $OPENSSL x509 -hash -fingerprint -noout -in FILENAME + $OPENSSL crl -hash -fingerprint -noout -in FILENAME -where B is the filename. It must output the hash of the +where B is the filename. It must output the hash of the file on the first line, and the fingerprint on the second, optionally prefixed with some text and an equals sign. +=head1 OPTIONS + +=over 4 + +=item B<-old> + +Use old-style hashing (MD5, as opposed to SHA-1) for generating +links for releases before 1.0.0. Note that current versions will +not use the old style. + +=item B<-h> + +Display a brief usage message. + +=item B<-n> + +Do not remove existing links. +This is needed when keeping new and old-style links in the same directory. + +=item B<-v> + +Print messages about old links removed and new links created. +By default, B only lists each directory as it is processed. + +=back + =head1 ENVIRONMENT =over -- cgit v1.2.3