tools/c_rehash


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

#!/bin/sh
#
# redo the hashes for the certificates in your cert path or the ones passed
# on the command line.
#

if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then
	OPENSSL='openssl'
	export OPENSSL
fi
DIR=/usr/ssl
PATH=$DIR/bin:$PATH

if [ ! -f "$OPENSSL" ]; then
    found=0
    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
        if [ -f "$dir/$OPENSSL" ]; then
            found=1
            break
        fi
    done
    if [ $found = 0 ]; then
        echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2
        exit 0
    fi
fi

SSL_DIR=$DIR/certs

if [ "$*" = "" ]; then
	CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
else
	CERTS=$*
fi

IFS=': '
for i in $CERTS
do
  (
  IFS=' '
  if [ -d $i -a -w $i ]; then
    cd $i
    echo "Doing $i"
    for i in *.pem
    do
      if [ $i != '*.pem' ]; then
        h=`$OPENSSL x509 -hash -noout -in $i`
	if [ "x$h" = "x" ]; then
	  echo $i does not contain a certificate
	else
          if [ -f $h.0 ]; then
            /bin/rm -f $h.0
          fi
          echo "$i => $h.0"
          ln -s $i $h.0
	fi
      fi
    done
  fi
  )
done