CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/02/10 08:29:34
Modified files:
usr.bin/openssl: Makefile progs.h
Added files:
usr.bin/openssl: certhash.c
Log message:
Introduce an openssl(1) certhash command.
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
