<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>rehash</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body style="background-color: white">

<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>

<ul>

<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<ul>

<li><a href="#script_configuration">Script Configuration</a></li>
</ul>

<li><a href="#options">OPTIONS</a></li>
<li><a href="#environment">ENVIRONMENT</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>

<hr name="index" />
</div>
<!-- INDEX END -->

<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>openssl-c_rehash, openssl-rehash,
c_rehash, rehash - Create symbolic links to files named by the hash values</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>openssl</strong>
<strong>rehash</strong>
<strong>[-h]</strong>
<strong>[-help]</strong>
<strong>[-old]</strong>
<strong>[-n]</strong>
<strong>[-v]</strong>
[ <em>directory</em>...]</p>
<p><strong>c_rehash</strong>
<em>flags...</em></p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>On some platforms, the OpenSSL <strong>rehash</strong> command is available as
an external script called <strong>c_rehash</strong>. They are functionally equivalent,
except for minor differences noted below.</p>
<p><strong>rehash</strong> scans directories and calculates a hash value of each
<code>.pem</code>, <code>.crt</code>, <code>.cer</code>, or <code>.crl</code>
file in the specified directory list and creates symbolic links
for each file, where the name of the link is the hash value.
(If the platform does not support symbolic links, a copy is made.)
This utility is useful because many programs that use OpenSSL require
directories to be set up like this in order to find certificates.</p>
<p>If any directories are named on the command line, then those are
processed in turn. If not, then the <strong>SSL_CERT_DIR</strong> environment variable
is consulted; this should be a colon-separated list of directories,
like the Unix <strong>PATH</strong> variable.
If that is not set, then the default directory (installation-specific
but often <strong>/usr/local/ssl/certs</strong>) is processed.</p>
<p>In order for a directory to be processed, the user must have write
permissions on that directory; otherwise an error will be generated.</p>
<p>The links created are of the form <code>HHHHHHHH.D</code>, where each <strong>H</strong>
is a hexadecimal character and <strong>D</strong> is a single decimal digit.
When processing a directory, <strong>rehash</strong> will first remove all links
that have a name in that syntax, even if they are being used for some
other purpose.
To skip the removal step, use the <strong>-n</strong> flag.
Hashes for CRLs look similar except the letter <strong>r</strong> appears after
the period, like this: <code>HHHHHHHH.rD</code>.</p>
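<p>Added example (not part of the original manual page and not OpenSSL's code): a pre-flight check that lists the symbolic links in a directory whose names match the link syntax above, which are the ones the removal step deletes unless <strong>-n</strong> is given. It assumes a platform with symbolic links; the function names, the <code>ok</code>/<code>dangling</code>/<code>outside</code> classification and the constructed demo directory are this example's own.</p>

```python
import os
import re
import tempfile

# Link-name syntax from the page: HHHHHHHH.D (certificates), HHHHHHHH.rD (CRLs).
LINK_NAME = re.compile(r"^[0-9a-fA-F]{8}\.r?[0-9]$")

def preflight(directory):
    """Classify every symlink whose name matches the rehash link syntax."""
    root = os.path.realpath(directory)
    report = {"ok": [], "dangling": [], "outside": []}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not (LINK_NAME.match(name) and os.path.islink(path)):
            continue  # name does not match the syntax, or it is a regular file
        target = os.path.realpath(path)
        if not os.path.exists(target):
            report["dangling"].append(name)   # target file is gone
        elif os.path.dirname(target) != root:
            report["outside"].append(name)    # likely used for some other purpose
        else:
            report["ok"].append(name)         # points at a file in this directory
    return report

def demo():
    """Build a constructed directory layout and run the check on it."""
    with tempfile.TemporaryDirectory() as d, tempfile.TemporaryDirectory() as other:
        open(os.path.join(d, "ca.pem"), "w").close()
        open(os.path.join(other, "app.conf"), "w").close()
        os.symlink("ca.pem", os.path.join(d, "1a2b3c4d.0"))
        os.symlink("gone.pem", os.path.join(d, "5e6f7a8b.r0"))
        os.symlink(os.path.join(other, "app.conf"), os.path.join(d, "deadbeef.1"))
        os.symlink("ca.pem", os.path.join(d, "current-ca"))  # name not in the syntax
        return preflight(d)

if __name__ == "__main__":
    print(demo())
```

<p>Every name in the report is a candidate for removal; the <code>outside</code> entries are the ones worth renaming or protecting with <strong>-n</strong> before running <strong>rehash</strong>.</p>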
<p>Multiple objects may have the same hash; they will be indicated by
incrementing the <strong>D</strong> value. Duplicates are found by comparing the
full SHA-1 fingerprint. A warning will be displayed if a duplicate
is found.</p>
<p>A warning will also be displayed if there are files that
cannot be parsed as either a certificate or a CRL or if
more than one such object appears in the file.</p>
<p>
</p>
<h2><a name="script_configuration">Script Configuration</a></h2>
<p>The <strong>c_rehash</strong> script
uses the <strong>openssl</strong> program to compute the hashes and
fingerprints. If not found in the user's <strong>PATH</strong>, then set the
<strong>OPENSSL</strong> environment variable to the full pathname.
Any program can be used; it will be invoked as follows for either
a certificate or CRL:</p>
<pre>
$OPENSSL x509 -hash -fingerprint -noout -in FILENAME
$OPENSSL crl -hash -fingerprint -noout -in FILENAME</pre>
<p>where <strong>FILENAME</strong> is the filename. It must output the hash of the
file on the first line, and the fingerprint on the second,
optionally prefixed with some text and an equals sign.</p>
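<p>Added example (not part of the original manual page and not OpenSSL's code): a sketch of how the two-line helper output described above maps to link names, including the <strong>D</strong> increment for objects that share a hash and the fingerprint comparison for duplicates. The function names and the sample outputs are constructed for illustration, and giving a duplicate no link of its own is an assumption; the page only states that a warning is displayed.</p>

```python
import re

HASH_RE = re.compile(r"^[0-9a-f]{8}$")

def parse_helper_output(text):
    """Return (hash, fingerprint) from the helper's two-line output."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2:
        raise ValueError("expected a hash line and a fingerprint line")
    hash_value = lines[0].lower()
    if not HASH_RE.match(hash_value):
        raise ValueError(f"not an 8-hex-digit hash: {lines[0]!r}")
    # Drop the optional "some text=" prefix, then normalise separators and case.
    fingerprint = lines[1].rpartition("=")[2].replace(":", "").upper()
    if not fingerprint:
        raise ValueError("empty fingerprint")
    return hash_value, fingerprint

def plan_links(entries):
    """entries: (filename, helper_output, is_crl). Returns (links, warnings)."""
    seen = {}  # (hash, is_crl) -> fingerprints that already own a link
    links, warnings = {}, []
    for filename, output, is_crl in entries:
        try:
            hash_value, fingerprint = parse_helper_output(output)
        except ValueError as exc:
            warnings.append(f"{filename}: {exc}")
            continue
        owners = seen.setdefault((hash_value, is_crl), [])
        if fingerprint in owners:
            # Assumption: a duplicate is warned about and gets no link of its own.
            warnings.append(f"{filename}: duplicate fingerprint, no link created")
            continue
        owners.append(fingerprint)
        suffix = len(owners) - 1  # D: 0 for the first object, then 1, 2, ...
        links[f"{hash_value}.{'r' if is_crl else ''}{suffix}"] = filename
    return links, warnings

# Constructed sample helper outputs (shortened fingerprints, not real certificates).
SAMPLE = [
    ("root-a.pem", "1a2b3c4d\nSHA1 Fingerprint=AA:AA:01\n", False),
    ("root-b.crt", "1a2b3c4d\nSHA1 Fingerprint=BB:BB:02\n", False),
    ("root-a-copy.cer", "1a2b3c4d\nAA:AA:01\n", False),
    ("root-a.crl", "1a2b3c4d\nSHA1 Fingerprint=CC:CC:03\n", True),
    ("notes.pem", "unable to load certificate\n", False),
]

if __name__ == "__main__":
    print(plan_links(SAMPLE))
```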
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
<dt><strong><a name="help_h" class="item"><strong>-help</strong> <strong>-h</strong></a></strong></dt>

<dd>
<p>Display a brief usage message.</p>
</dd>
<dt><strong><a name="old" class="item"><strong>-old</strong></a></strong></dt>

<dd>
<p>Use old-style hashing (MD5, as opposed to SHA-1) for generating
links to be used for releases before 1.0.0.
Note that current versions will not use the old style.</p>
</dd>
<dt><strong><a name="n" class="item"><strong>-n</strong></a></strong></dt>

<dd>
<p>Do not remove existing links.
This is needed when keeping new and old-style links in the same directory.</p>
</dd>
<dt><strong><a name="compat" class="item"><strong>-compat</strong></a></strong></dt>

<dd>
<p>Generate links for both old-style (MD5) and new-style (SHA-1) hashing.
This allows releases before 1.0.0 to use these links alongside newer
releases.</p>
</dd>
<dt><strong><a name="v" class="item"><strong>-v</strong></a></strong></dt>

<dd>
<p>Print messages about old links removed and new links created.
By default, <strong>rehash</strong> only lists each directory as it is processed.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="environment">ENVIRONMENT</a></h1>
<dl>
<dt><strong><a name="openssl" class="item"><strong>OPENSSL</strong></a></strong></dt>

<dd>
<p>The path to an executable to use to generate hashes and
fingerprints (see above).</p>
</dd>
<dt><strong><a name="ssl_cert_dir" class="item"><strong>SSL_CERT_DIR</strong></a></strong></dt>

<dd>
<p>Colon-separated list of directories to operate on.
Ignored if directories are listed on the command line.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>openssl(1)</em>,
<em>crl(1)</em>,
<em>x509(1)</em>.</p>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>

</body>

</html>