diff options
author | marha <marha@users.sourceforge.net> | 2014-10-19 11:31:33 +0200 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2014-10-19 11:33:30 +0200 |
commit | a14858a22f164b5accc4bd192a5d3de21d88e3d1 (patch) | |
tree | 6a0005fed0f248559139016a7310add07fcb62df /openssl/doc/apps/c_rehash.pod | |
parent | fa5a6df66cfe9b19014ea9d2fca35b762f457041 (diff) | |
download | vcxsrv-a14858a22f164b5accc4bd192a5d3de21d88e3d1.tar.gz vcxsrv-a14858a22f164b5accc4bd192a5d3de21d88e3d1.tar.bz2 vcxsrv-a14858a22f164b5accc4bd192a5d3de21d88e3d1.zip |
Update to openssl-1.0.1j
Diffstat (limited to 'openssl/doc/apps/c_rehash.pod')
-rw-r--r-- | openssl/doc/apps/c_rehash.pod | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/openssl/doc/apps/c_rehash.pod b/openssl/doc/apps/c_rehash.pod new file mode 100644 index 000000000..c564e8631 --- /dev/null +++ b/openssl/doc/apps/c_rehash.pod @@ -0,0 +1,81 @@ +=pod + +=for comment +Original text by James Westby, contributed under the OpenSSL license. + +=head1 NAME + +c_rehash - Create symbolic links to files named by the hash values + +=head1 SYNOPSIS + +B<c_rehash> +[ I<directory>...] + +=head1 DESCRIPTION + +B<c_rehash> scans directories and calculates a hash value of each C<.pem> +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. + +If any directories are named on the command line, then those are +processed in turn. If not, then the B<SSL_CERT_DIR> environment variable +is consulted; this shold be a colon-separated list of directories, +like the Unix B<PATH> variable. +If that is not set then the default directory (installation-specific +but often B</usr/local/ssl/certs>) is processed. + +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise it will be skipped. +The links created are of the form C<HHHHHHHH.D>, where each B<H> +is a hexadecimal character and B<D> is a single decimal digit. +When processing a directory, B<c_rehash> will first remove all links +that have a name in that syntax. If you have links in that format +used for other purposes, they will be removed. +Hashes for CRL's look similar except the letter B<r> appears after +the period, like this: C<HHHHHHHH.rD>. + +Multiple objects may have the same hash; they will be indicated by +incrementing the B<D> value. Duplicates are found by comparing the +full SHA-1 fingerprint. A warning will be displayed if a duplicate +is found. + +A warning will also be displayed if there are B<.pem> files that +cannot be parsed as either a certificate or a CRL. + +The program uses the B<openssl> program to compute the hashes and +fingerprints. If not found in the user's B<PATH>, then set the +B<OPENSSL> environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or CRL: + + $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF + $OPENSSL crl -hash -fingerprint -noout -in FFFFFF + +where B<FFFFFF> is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. + +=head1 ENVIRONMENT + +=over + +=item B<OPENSSL> + +The path to an executable to use to generate hashes and +fingerprints (see above). + +=item B<SSL_CERT_DIR> + +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. + +=back + +=head1 SEE ALSO + +L<openssl(1)|openssl(1)>, +L<crl(1)|crl(1)>. +L<x509(1)|x509(1)>. |