On Sat, Nov 04, 2006 at 02:30:54PM +0100, Joey Schulze wrote: > Kurt Roeckx wrote: > > On Sat, Nov 04, 2006 at 12:52:03PM +0100, Joey Schulze wrote: > > > > > > Maybe one improvement would be to reduce the number of links in this > > > directory to one per certificate. Currently for each certificate > > > provided by ca-certificates the certificate has a link to /usr/share/.. > > > and the hash has a link to the other link. Wouldn't it be possible to > > > only create the hash link as a symbolic link to /usr/share/...? > > > > I'm not sure the current c_rehash supports that. People (or scripts) > > may want to run c_rehash on /etc/ssl/certs, at which point it would > > remove the hash links, and you have nothing left. > > Are the hashes recalculated randomly? Which programs do that? > (since I was left with a missing hash several times, at least > I don't seem to have such a program installed)
It seems there is an update-ca-certificates, which has a config file (/etc/ca-certificates.conf) that says which certificates should be enabled. It runs c_rehash at the end of it, to regenerate the hashes. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]