diff options
Diffstat (limited to 'doc/apps/c_rehash.pod')
| -rw-r--r-- | doc/apps/c_rehash.pod | 114 |
1 files changed, 0 insertions, 114 deletions
diff --git a/doc/apps/c_rehash.pod b/doc/apps/c_rehash.pod deleted file mode 100644 index ccce29e47b7e..000000000000 --- a/doc/apps/c_rehash.pod +++ /dev/null @@ -1,114 +0,0 @@ -=pod - -=for comment -Original text by James Westby, contributed under the OpenSSL license. - -=head1 NAME - -c_rehash - Create symbolic links to files named by the hash values - -=head1 SYNOPSIS - -B<c_rehash> -B<[-old]> -B<[-h]> -B<[-n]> -B<[-v]> -[ I<directory>...] - -=head1 DESCRIPTION - -B<c_rehash> scans directories and calculates a hash value of each -C<.pem>, C<.crt>, C<.cer>, or C<.crl> -file in the specified directory list and creates symbolic links -for each file, where the name of the link is the hash value. -(If the platform does not support symbolic links, a copy is made.) -This utility is useful as many programs that use OpenSSL require -directories to be set up like this in order to find certificates. - -If any directories are named on the command line, then those are -processed in turn. If not, then the B<SSL_CERT_DIR> environment variable -is consulted; this shold be a colon-separated list of directories, -like the Unix B<PATH> variable. -If that is not set then the default directory (installation-specific -but often B</usr/local/ssl/certs>) is processed. - -In order for a directory to be processed, the user must have write -permissions on that directory, otherwise it will be skipped. -The links created are of the form C<HHHHHHHH.D>, where each B<H> -is a hexadecimal character and B<D> is a single decimal digit. -When processing a directory, B<c_rehash> will first remove all links -that have a name in that syntax. If you have links in that format -used for other purposes, they will be removed. -To skip the removal step, use the B<-n> flag. -Hashes for CRL's look similar except the letter B<r> appears after -the period, like this: C<HHHHHHHH.rD>. - -Multiple objects may have the same hash; they will be indicated by -incrementing the B<D> value. Duplicates are found by comparing the -full SHA-1 fingerprint. A warning will be displayed if a duplicate -is found. - -A warning will also be displayed if there are files that -cannot be parsed as either a certificate or a CRL. - -The program uses the B<openssl> program to compute the hashes and -fingerprints. If not found in the user's B<PATH>, then set the -B<OPENSSL> environment variable to the full pathname. -Any program can be used, it will be invoked as follows for either -a certificate or CRL: - - $OPENSSL x509 -hash -fingerprint -noout -in FILENAME - $OPENSSL crl -hash -fingerprint -noout -in FILENAME - -where B<FILENAME> is the filename. It must output the hash of the -file on the first line, and the fingerprint on the second, -optionally prefixed with some text and an equals sign. - -=head1 OPTIONS - -=over 4 - -=item B<-old> - -Use old-style hashing (MD5, as opposed to SHA-1) for generating -links for releases before 1.0.0. Note that current versions will -not use the old style. - -=item B<-h> - -Display a brief usage message. - -=item B<-n> - -Do not remove existing links. -This is needed when keeping new and old-style links in the same directory. - -=item B<-v> - -Print messages about old links removed and new links created. -By default, B<c_rehash> only lists each directory as it is processed. - -=back - -=head1 ENVIRONMENT - -=over - -=item B<OPENSSL> - -The path to an executable to use to generate hashes and -fingerprints (see above). - -=item B<SSL_CERT_DIR> - -Colon separated list of directories to operate on. -Ignored if directories are listed on the command line. - -=back - -=head1 SEE ALSO - -L<openssl(1)|openssl(1)>, -L<crl(1)|crl(1)>. -L<x509(1)|x509(1)>. |