On Sun, May 25, 2014 at 09:33:00PM +0200, J??r??mie Courr??ges-Anglas wrote: > Jason McIntyre <j...@kerhand.co.uk> writes: > > > On Sun, May 25, 2014 at 03:02:18PM +0200, Alexander Schrijver wrote: > >> c_rehash doesn't exist in OpenBSD and remove a history lesson which is > >> either > >> not aplicable anymore or was never true. > >> > > > > hmm, two things for the price of one. > > > > since we don;t have c_rehash, it seems silly to reference it. but > > there's another ref in ftp(1) added only a few months ago by jca...any > > comments, jca? > > No particular comment. Adding ftp(1) support for c_rehash'd directories > was cheap, and I was thinking about proposing the addition of said > utility to the base system. I've only needed it once or twice, yet it > bugged me not to have it at hand next to other openssl programs. > > Before removing the references to c_rehash I'd like to know if other > people are interested in getting a trimmed down c_rehash utility in. > Else there is not much point in supporting ftp -S capath=... at all. >
ok, so i'm gonna hold off until we see whether c_rehash gets added or not. jmc > > the change to HISTORY is less convincing for me. there may well be room > > to cut verbosity from this file (it's difficult to imagine adding to > > it), but zapping one section so inconsistently feels wrong. when i > > eventually get my extra life, i pledge to spend it checking this page. > > until then, i've opted to zap the c_rehash reference only. > > I think you're right about the HISTORY removal. > > > unless they protest, i will commit this: > > > > Index: usr.bin/ftp/ftp.1 > > =================================================================== > > RCS file: /cvs/src/usr.bin/ftp/ftp.1,v > > retrieving revision 1.91 > > diff -u -r1.91 ftp.1 > > --- usr.bin/ftp/ftp.1 23 Jan 2014 08:09:08 -0000 1.91 > > +++ usr.bin/ftp/ftp.1 25 May 2014 18:58:31 -0000 > > @@ -232,7 +232,6 @@ > > .It Cm capath Ns = Ns Ar /path/to/certs/ > > Directory containing PEM encoded CA certificates used for certificate > > validation. > > -Such a directory can be prepared using the c_rehash OpenSSL utility. > > .It Cm ciphers Ns = Ns Ar cipher_list > > Specify the list of ciphers that will be used by > > .Nm . > > Index: usr.sbin/openssl/openssl.1 > > =================================================================== > > RCS file: /cvs/src/usr.sbin/openssl/openssl.1,v > > retrieving revision 1.94 > > diff -u -r1.94 openssl.1 > > --- usr.sbin/openssl/openssl.1 18 May 2014 08:23:27 -0000 1.94 > > +++ usr.sbin/openssl/openssl.1 25 May 2014 18:58:34 -0000 > > @@ -9072,11 +9072,6 @@ > > option of the > > .Nm x509 > > utility). > > -Under > > -.Ux , > > -the > > -.Nm c_rehash > > -script will automatically create symbolic links to a directory of > > certificates. > > .It Fl crl_check > > Checks end entity certificate validity by attempting to look up a valid > > CRL. > > If a valid CRL cannot be found an error occurs. > > @@ -10420,10 +10415,6 @@ > > In > > .Nm OpenSSL > > 1.0.0 and later it is based on a canonical version of the DN using SHA1. > > -This means that any directories using the old form > > -must have their links rebuilt using > > -.Ar c_rehash > > -or similar. > > .\" > > .\" FILES > > .\" > > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >