3 # WARNING: do not edit!
4 # Generated by Makefile from tools/c_rehash.in
5 # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
7 # Licensed under the OpenSSL license (the "License"). You may not use
8 # this file except in compliance with the License. You can obtain a copy
9 # in the file LICENSE in the source distribution or at
10 # https://www.openssl.org/source/license.html
12 # Perl c_rehash script, scan all files in a directory
13 # and add symbolic links to their hash values.
19 my $openssl = $ENV{OPENSSL} || "openssl";
21 my $x509hash = "-subject_hash";
22 my $crlhash = "-hash";
24 my $symlink_exists=eval {symlink("",""); 1};
28 while ( $ARGV[0] =~ /^-/ ) {
29 my $flag = shift @ARGV;
30 last if ( $flag eq '--');
31 if ( $flag eq '-old') {
32 $x509hash = "-subject_hash_old";
33 $crlhash = "-hash_old";
34 } elsif ( $flag eq '-h' || $flag eq '-help' ) {
36 } elsif ( $flag eq '-n' ) {
38 } elsif ( $flag eq '-v' ) {
42 print STDERR "Usage error; try -h.\n";
48 print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
49 print " -old use old-style digest\n";
50 print " -h or -help print this help text\n";
51 print " -v print files removed and linked\n";
56 if (defined(&Cwd::getcwd)) {
63 # DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
64 my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
65 $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
69 foreach (split /$path_delim/, $ENV{PATH}) {
70 if (-x "$_/$openssl") {
72 $openssl = "$_/$openssl";
77 print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
84 } elsif ($ENV{SSL_CERT_DIR}) {
85 @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
87 $dirlist[0] = "$dir/certs";
92 $openssl="$pwd/$openssl" if (!-x $openssl);
101 print "Skipping $_, can't write\n";
110 print "Doing $_[0]\n";
113 my @flist = sort readdir(DIR);
115 if ( $removelinks ) {
116 # Delete any existing symbolic links
117 foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
119 print "unlink $_" if $verbose;
120 unlink $_ || warn "Can't unlink $_, $!\n";
124 FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
125 # Check to see if certificates and/or CRLs present.
126 my ($cert, $crl) = check_file($fname);
127 if (!$cert && !$crl) {
128 print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
131 link_hash_cert($fname) if ($cert);
132 link_hash_crl($fname) if ($crl);
137 my ($is_cert, $is_crl) = (0,0);
141 if (/^-----BEGIN (.*)-----/) {
143 if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
146 } elsif ($hdr eq "X509 CRL") {
153 return ($is_cert, $is_crl);
157 # Link a certificate to its subject name hash value, each hash is of
158 # the form <hash>.<n> where n is an integer. If the hash value already exists
159 # then we need to up the value of n, unless its a duplicate in which
160 # case we skip the link. We check for duplicates by comparing the
161 # certificate fingerprints
165 $fname =~ s/'/'\\''/g;
166 my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
172 # Search for an unused hash filename
173 while(exists $hashlist{"$hash.$suffix"}) {
174 # Hash matches: if fingerprint matches its a duplicate cert
175 if ($hashlist{"$hash.$suffix"} eq $fprint) {
176 print STDERR "WARNING: Skipping duplicate certificate $fname\n";
182 if ($symlink_exists) {
183 print "link $fname -> $hash\n" if $verbose;
184 symlink $fname, $hash || warn "Can't symlink, $!";
186 print "copy $fname -> $hash\n" if $verbose;
187 if (open($in, "<", $fname)) {
188 if (open($out,">", $hash)) {
189 print $out $_ while (<$in>);
192 warn "can't open $hash for write, $!";
196 warn "can't open $fname for read, $!";
199 $hashlist{$hash} = $fprint;
202 # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
206 $fname =~ s/'/'\\''/g;
207 my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
213 # Search for an unused hash filename
214 while(exists $hashlist{"$hash.r$suffix"}) {
215 # Hash matches: if fingerprint matches its a duplicate cert
216 if ($hashlist{"$hash.r$suffix"} eq $fprint) {
217 print STDERR "WARNING: Skipping duplicate CRL $fname\n";
222 $hash .= ".r$suffix";
223 if ($symlink_exists) {
224 print "link $fname -> $hash\n" if $verbose;
225 symlink $fname, $hash || warn "Can't symlink, $!";
227 print "cp $fname -> $hash\n" if $verbose;
228 system ("cp", $fname, $hash);
229 warn "Can't copy, $!" if ($? >> 8) != 0;
231 $hashlist{$hash} = $fprint;