4 # Perl c_rehash script, scan all files in a directory
5 # and add symbolic links to their hash values.
9 my $dir = "/usr/local/ssl";
10 my $prefix = "/usr/local/ssl";
12 if(defined $ENV{OPENSSL
}) {
13 $openssl = $ENV{OPENSSL
};
16 $ENV{OPENSSL
} = $openssl;
21 if (defined(&Cwd
::getcwd
)) {
24 $pwd=`pwd`; chomp($pwd);
26 my $path_delim = ($pwd =~ /^[a-z]\:/i) ?
';' : ':'; # DOS/Win32 or Unix delimiter?
28 $ENV{PATH
} = "$prefix/bin" . ($ENV{PATH
} ?
$path_delim . $ENV{PATH
} : ""); # prefix our path
32 foreach (split /$path_delim/, $ENV{PATH
}) {
33 if(-x
"$_/$openssl") {
35 $openssl = "$_/$openssl";
40 print STDERR
"c_rehash: rehashing skipped ('openssl' program not available)\n";
47 } elsif($ENV{SSL_CERT_DIR
}) {
48 @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR
};
50 $dirlist[0] = "$dir/certs";
55 $openssl="$pwd/$openssl" if (!-x
$openssl);
67 print "Doing $_[0]\n";
70 my @flist = readdir(DIR
);
71 # Delete any existing symbolic links
72 foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
78 FILE
: foreach $fname (grep {/\.pem$/} @flist) {
79 # Check to see if certificates and/or CRLs present.
80 my ($cert, $crl) = check_file
($fname);
82 print STDERR
"WARNING: $fname does not contain a certificate or CRL: skipping\n";
85 link_hash_cert
($fname) if($cert);
86 link_hash_crl
($fname) if($crl);
91 my ($is_cert, $is_crl) = (0,0);
95 if(/^-----BEGIN (.*)-----/) {
97 if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
100 } elsif($hdr eq "X509 CRL") {
107 return ($is_cert, $is_crl);
111 # Link a certificate to its subject name hash value, each hash is of
112 # the form <hash>.<n> where n is an integer. If the hash value already exists
113 # then we need to up the value of n, unless its a duplicate in which
114 # case we skip the link. We check for duplicates by comparing the
115 # certificate fingerprints
119 $fname =~ s/'/'\\''/g;
120 my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
126 # Search for an unused hash filename
127 while(exists $hashlist{"$hash.$suffix"}) {
128 # Hash matches: if fingerprint matches its a duplicate cert
129 if($hashlist{"$hash.$suffix"} eq $fprint) {
130 print STDERR
"WARNING: Skipping duplicate certificate $fname\n";
136 print "$fname => $hash\n";
137 $symlink_exists=eval {symlink("",""); 1};
138 if ($symlink_exists) {
139 symlink $fname, $hash;
141 open IN
,"<$fname" or die "can't open $fname for read";
142 open OUT
,">$hash" or die "can't open $hash for write";
143 print OUT
<IN
>; # does the job for small text files
147 $hashlist{$hash} = $fprint;
150 # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
154 $fname =~ s/'/'\\''/g;
155 my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
161 # Search for an unused hash filename
162 while(exists $hashlist{"$hash.r$suffix"}) {
163 # Hash matches: if fingerprint matches its a duplicate cert
164 if($hashlist{"$hash.r$suffix"} eq $fprint) {
165 print STDERR
"WARNING: Skipping duplicate CRL $fname\n";
170 $hash .= ".r$suffix";
171 print "$fname => $hash\n";
172 $symlink_exists=eval {symlink("",""); 1};
173 if ($symlink_exists) {
174 symlink $fname, $hash;
176 system ("cp", $fname, $hash);
178 $hashlist{$hash} = $fprint;