VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.1j/doc/man1/rehash.pod@ 88461

Last change on this file since 88461 was 87984, checked in by vboxsync, 4 years ago

openssl-1.1.1j: Applied and adjusted our OpenSSL changes to 1.1.1j. bugref:9963

File size: 4.1 KB
Line 
1=pod
2
3=for comment
4Original text by James Westby, contributed under the OpenSSL license.
5
6=head1 NAME
7
8openssl-c_rehash, openssl-rehash,
9c_rehash, rehash - Create symbolic links to files named by the hash values
10
11=head1 SYNOPSIS
12
13B<openssl>
14B<rehash>
15B<[-h]>
16B<[-help]>
17B<[-old]>
18B<[-n]>
19B<[-v]>
20[ I<directory>...]
21
22B<c_rehash>
23I<flags...>
24
25=head1 DESCRIPTION
26
27On some platforms, the OpenSSL B<rehash> command is available as
28an external script called B<c_rehash>. They are functionally equivalent,
29except for minor differences noted below.
30
31B<rehash> scans directories and calculates a hash value of each
32C<.pem>, C<.crt>, C<.cer>, or C<.crl>
33file in the specified directory list and creates symbolic links
34for each file, where the name of the link is the hash value.
35(If the platform does not support symbolic links, a copy is made.)
36This utility is useful as many programs that use OpenSSL require
37directories to be set up like this in order to find certificates.
38
39If any directories are named on the command line, then those are
40processed in turn. If not, then the B<SSL_CERT_DIR> environment variable
41is consulted; this should be a colon-separated list of directories,
42like the Unix B<PATH> variable.
43If that is not set then the default directory (installation-specific
44but often B</usr/local/ssl/certs>) is processed.
45
46In order for a directory to be processed, the user must have write
47permissions on that directory, otherwise an error will be generated.
48
49The links created are of the form C<HHHHHHHH.D>, where each B<H>
50is a hexadecimal character and B<D> is a single decimal digit.
51When processing a directory, B<rehash> will first remove all links
52that have a name in that syntax, even if they are being used for some
53other purpose.
54To skip the removal step, use the B<-n> flag.
55Hashes for CRL's look similar except the letter B<r> appears after
56the period, like this: C<HHHHHHHH.rD>.
57
58Multiple objects may have the same hash; they will be indicated by
59incrementing the B<D> value. Duplicates are found by comparing the
60full SHA-1 fingerprint. A warning will be displayed if a duplicate
61is found.
62
63A warning will also be displayed if there are files that
64cannot be parsed as either a certificate or a CRL or if
65more than one such object appears in the file.
66
67=head2 Script Configuration
68
69The B<c_rehash> script
70uses the B<openssl> program to compute the hashes and
71fingerprints. If not found in the user's B<PATH>, then set the
72B<OPENSSL> environment variable to the full pathname.
73Any program can be used, it will be invoked as follows for either
74a certificate or CRL:
75
76 $OPENSSL x509 -hash -fingerprint -noout -in FILENAME
77 $OPENSSL crl -hash -fingerprint -noout -in FILENAME
78
79where B<FILENAME> is the filename. It must output the hash of the
80file on the first line, and the fingerprint on the second,
81optionally prefixed with some text and an equals sign.
82
83=head1 OPTIONS
84
85=over 4
86
87=item B<-help> B<-h>
88
89Display a brief usage message.
90
91=item B<-old>
92
93Use old-style hashing (MD5, as opposed to SHA-1) for generating
94links to be used for releases before 1.0.0.
95Note that current versions will not use the old style.
96
97=item B<-n>
98
99Do not remove existing links.
100This is needed when keeping new and old-style links in the same directory.
101
102=item B<-compat>
103
104Generate links for both old-style (MD5) and new-style (SHA1) hashing.
105This allows releases before 1.0.0 to use these links along-side newer
106releases.
107
108=item B<-v>
109
110Print messages about old links removed and new links created.
111By default, B<rehash> only lists each directory as it is processed.
112
113=back
114
115=head1 ENVIRONMENT
116
117=over 4
118
119=item B<OPENSSL>
120
121The path to an executable to use to generate hashes and
122fingerprints (see above).
123
124=item B<SSL_CERT_DIR>
125
126Colon separated list of directories to operate on.
127Ignored if directories are listed on the command line.
128
129=back
130
131=head1 SEE ALSO
132
133L<openssl(1)>,
134L<crl(1)>.
135L<x509(1)>.
136
137=head1 COPYRIGHT
138
139Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
140
141Licensed under the OpenSSL license (the "License"). You may not use
142this file except in compliance with the License. You can obtain a copy
143in the file LICENSE in the source distribution or at
144L<https://www.openssl.org/source/license.html>.
145
146=cut
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette