diff options
Diffstat (limited to 'openssl/tools')
-rw-r--r-- | openssl/tools/Makefile | 58 | ||||
-rw-r--r-- | openssl/tools/c89.sh | 15 | ||||
-rw-r--r-- | openssl/tools/c_hash | 9 | ||||
-rw-r--r-- | openssl/tools/c_info | 12 | ||||
-rw-r--r-- | openssl/tools/c_issuer | 10 | ||||
-rw-r--r-- | openssl/tools/c_name | 10 | ||||
-rw-r--r-- | openssl/tools/c_rehash | 160 | ||||
-rw-r--r-- | openssl/tools/c_rehash.in | 160 |
8 files changed, 434 insertions, 0 deletions
diff --git a/openssl/tools/Makefile b/openssl/tools/Makefile new file mode 100644 index 000000000..4ca835c4a --- /dev/null +++ b/openssl/tools/Makefile @@ -0,0 +1,58 @@ +# +# OpenSSL/tools/Makefile +# + +DIR= tools +TOP= .. +CC= cc +INCLUDES= -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= c_rehash +MISC_APPS= c_hash c_info c_issuer c_name + +all: + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @for i in $(APPS) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + done; + @for i in $(MISC_APPS) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + done; + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + +lint: + +tags: + +errors: + +depend: + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +errors: + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/openssl/tools/c89.sh b/openssl/tools/c89.sh new file mode 100644 index 000000000..b25c9fda2 --- /dev/null +++ b/openssl/tools/c89.sh @@ -0,0 +1,15 @@ +#!/bin/sh -k +# +# Re-order arguments so that -L comes first +# +opts="" +lopts="" + +for arg in $* ; do + case $arg in + -L*) lopts="$lopts $arg" ;; + *) opts="$opts $arg" ;; + esac +done + +c89 $lopts $opts diff --git a/openssl/tools/c_hash b/openssl/tools/c_hash new file mode 100644 index 000000000..5e0a90817 --- /dev/null +++ b/openssl/tools/c_hash @@ -0,0 +1,9 @@ +#!/bin/sh +# print out the hash values +# + +for i in $* +do + h=`openssl x509 -hash -noout -in $i` + echo "$h.0 => $i" +done diff --git a/openssl/tools/c_info b/openssl/tools/c_info new file mode 100644 index 000000000..0e1e633b6 --- /dev/null +++ b/openssl/tools/c_info @@ -0,0 +1,12 @@ +#!/bin/sh +# +# print the subject +# + +for i in $* +do + n=`openssl x509 -subject -issuer -enddate -noout -in $i` + echo "$i" + echo "$n" + echo "--------" +done diff --git a/openssl/tools/c_issuer b/openssl/tools/c_issuer new file mode 100644 index 000000000..55821ab74 --- /dev/null +++ b/openssl/tools/c_issuer @@ -0,0 +1,10 @@ +#!/bin/sh +# +# print out the issuer +# + +for i in $* +do + n=`openssl x509 -issuer -noout -in $i` + echo "$i $n" +done diff --git a/openssl/tools/c_name b/openssl/tools/c_name new file mode 100644 index 000000000..28800c0b3 --- /dev/null +++ b/openssl/tools/c_name @@ -0,0 +1,10 @@ +#!/bin/sh +# +# print the subject +# + +for i in $* +do + n=`openssl x509 -subject -noout -in $i` + echo "$i $n" +done diff --git a/openssl/tools/c_rehash b/openssl/tools/c_rehash new file mode 100644 index 000000000..e614fb546 --- /dev/null +++ b/openssl/tools/c_rehash @@ -0,0 +1,160 @@ +#!/usr/bin/perl + + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $openssl; + +my $dir = "/usr/local/ssl"; + +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + +$ENV{PATH} .= ":$dir/bin"; + +if(! -x $openssl) { + my $found = 0; + foreach (split /:/, $ENV{PATH}) { + if(-x "$_/$openssl") { + $found = 1; + last; + } + } + if($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if(@ARGV) { + @dirlist = @ARGV; +} elsif($ENV{SSL_CERT_DIR}) { + @dirlist = split /:/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + + +foreach (@dirlist) { + if(-d $_ and -w $_) { + hash_dir($_); + } +} + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = readdir(DIR); + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if(-l $_) { + unlink $_; + } + } + closedir DIR; + FILE: foreach $fname (grep {/\.pem$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if(!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if($cert); + link_hash_crl($fname) if($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while(<IN>) { + if(/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if($is_crl); + } elsif($hdr eq "X509 CRL") { + $is_crl = 1; + last if($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form <hash>.<n> where n is an integer. If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + print "$fname => $hash\n"; + $symlink_exists=eval {symlink("",""); 1}; + if ($symlink_exists) { + symlink $fname, $hash; + } else { + system ("cp", $fname, $hash); + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. CRL links are of the form <hash>.r<n> + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + print "$fname => $hash\n"; + $symlink_exists=eval {symlink("",""); 1}; + if ($symlink_exists) { + symlink $fname, $hash; + } else { + system ("cp", $fname, $hash); + } + $hashlist{$hash} = $fprint; +} + diff --git a/openssl/tools/c_rehash.in b/openssl/tools/c_rehash.in new file mode 100644 index 000000000..4497cbd9f --- /dev/null +++ b/openssl/tools/c_rehash.in @@ -0,0 +1,160 @@ +#!/usr/local/bin/perl + + +# Perl c_rehash script, scan all files in a directory +# and add symbolic links to their hash values. + +my $openssl; + +my $dir; + +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + +$ENV{PATH} .= ":$dir/bin"; + +if(! -x $openssl) { + my $found = 0; + foreach (split /:/, $ENV{PATH}) { + if(-x "$_/$openssl") { + $found = 1; + last; + } + } + if($found == 0) { + print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; + exit 0; + } +} + +if(@ARGV) { + @dirlist = @ARGV; +} elsif($ENV{SSL_CERT_DIR}) { + @dirlist = split /:/, $ENV{SSL_CERT_DIR}; +} else { + $dirlist[0] = "$dir/certs"; +} + + +foreach (@dirlist) { + if(-d $_ and -w $_) { + hash_dir($_); + } +} + +sub hash_dir { + my %hashlist; + print "Doing $_[0]\n"; + chdir $_[0]; + opendir(DIR, "."); + my @flist = readdir(DIR); + # Delete any existing symbolic links + foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { + if(-l $_) { + unlink $_; + } + } + closedir DIR; + FILE: foreach $fname (grep {/\.pem$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if(!$cert && !$crl) { + print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; + next; + } + link_hash_cert($fname) if($cert); + link_hash_crl($fname) if($crl); + } +} + +sub check_file { + my ($is_cert, $is_crl) = (0,0); + my $fname = $_[0]; + open IN, $fname; + while(<IN>) { + if(/^-----BEGIN (.*)-----/) { + my $hdr = $1; + if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { + $is_cert = 1; + last if($is_crl); + } elsif($hdr eq "X509 CRL") { + $is_crl = 1; + last if($is_cert); + } + } + } + close IN; + return ($is_cert, $is_crl); +} + + +# Link a certificate to its subject name hash value, each hash is of +# the form <hash>.<n> where n is an integer. If the hash value already exists +# then we need to up the value of n, unless its a duplicate in which +# case we skip the link. We check for duplicates by comparing the +# certificate fingerprints + +sub link_hash_cert { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if($hashlist{"$hash.$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate certificate $fname\n"; + return; + } + $suffix++; + } + $hash .= ".$suffix"; + print "$fname => $hash\n"; + $symlink_exists=eval {symlink("",""); 1}; + if ($symlink_exists) { + symlink $fname, $hash; + } else { + system ("cp", $fname, $hash); + } + $hashlist{$hash} = $fprint; +} + +# Same as above except for a CRL. CRL links are of the form <hash>.r<n> + +sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; + # Search for an unused hash filename + while(exists $hashlist{"$hash.r$suffix"}) { + # Hash matches: if fingerprint matches its a duplicate cert + if($hashlist{"$hash.r$suffix"} eq $fprint) { + print STDERR "WARNING: Skipping duplicate CRL $fname\n"; + return; + } + $suffix++; + } + $hash .= ".r$suffix"; + print "$fname => $hash\n"; + $symlink_exists=eval {symlink("",""); 1}; + if ($symlink_exists) { + symlink $fname, $hash; + } else { + system ("cp", $fname, $hash); + } + $hashlist{$hash} = $fprint; +} + |