|
@@ -28,35 +28,35 @@ while ( $ARGV[0] =~ /^-/ ) {
|
|
|
my $flag = shift @ARGV;
|
|
|
last if ( $flag eq '--');
|
|
|
if ( $flag eq '-old') {
|
|
|
- $x509hash = "-subject_hash_old";
|
|
|
- $crlhash = "-hash_old";
|
|
|
+ $x509hash = "-subject_hash_old";
|
|
|
+ $crlhash = "-hash_old";
|
|
|
} elsif ( $flag eq '-h' || $flag eq '-help' ) {
|
|
|
- help();
|
|
|
+ help();
|
|
|
} elsif ( $flag eq '-n' ) {
|
|
|
- $removelinks = 0;
|
|
|
+ $removelinks = 0;
|
|
|
} elsif ( $flag eq '-v' ) {
|
|
|
- $verbose++;
|
|
|
+ $verbose++;
|
|
|
}
|
|
|
else {
|
|
|
- print STDERR "Usage error; try -h.\n";
|
|
|
- exit 1;
|
|
|
+ print STDERR "Usage error; try -h.\n";
|
|
|
+ exit 1;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
sub help {
|
|
|
- print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
|
|
|
- print " -old use old-style digest\n";
|
|
|
- print " -h or -help print this help text\n";
|
|
|
- print " -v print files removed and linked\n";
|
|
|
- exit 0;
|
|
|
+ print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
|
|
|
+ print " -old use old-style digest\n";
|
|
|
+ print " -h or -help print this help text\n";
|
|
|
+ print " -v print files removed and linked\n";
|
|
|
+ exit 0;
|
|
|
}
|
|
|
|
|
|
eval "require Cwd";
|
|
|
if (defined(&Cwd::getcwd)) {
|
|
|
- $pwd=Cwd::getcwd();
|
|
|
+ $pwd=Cwd::getcwd();
|
|
|
} else {
|
|
|
- $pwd=`pwd`;
|
|
|
- chomp($pwd);
|
|
|
+ $pwd=`pwd`;
|
|
|
+ chomp($pwd);
|
|
|
}
|
|
|
|
|
|
# DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
|
|
@@ -64,92 +64,92 @@ my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
|
|
|
$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
|
|
|
|
|
|
if (! -x $openssl) {
|
|
|
- my $found = 0;
|
|
|
- foreach (split /$path_delim/, $ENV{PATH}) {
|
|
|
- if (-x "$_/$openssl") {
|
|
|
- $found = 1;
|
|
|
- $openssl = "$_/$openssl";
|
|
|
- last;
|
|
|
- }
|
|
|
- }
|
|
|
- if ($found == 0) {
|
|
|
- print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
|
|
|
- exit 0;
|
|
|
- }
|
|
|
+ my $found = 0;
|
|
|
+ foreach (split /$path_delim/, $ENV{PATH}) {
|
|
|
+ if (-x "$_/$openssl") {
|
|
|
+ $found = 1;
|
|
|
+ $openssl = "$_/$openssl";
|
|
|
+ last;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if ($found == 0) {
|
|
|
+ print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
|
|
|
+ exit 0;
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
if (@ARGV) {
|
|
|
- @dirlist = @ARGV;
|
|
|
+ @dirlist = @ARGV;
|
|
|
} elsif ($ENV{SSL_CERT_DIR}) {
|
|
|
- @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
|
|
|
+ @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
|
|
|
} else {
|
|
|
- $dirlist[0] = "$dir/certs";
|
|
|
+ $dirlist[0] = "$dir/certs";
|
|
|
}
|
|
|
|
|
|
if (-d $dirlist[0]) {
|
|
|
- chdir $dirlist[0];
|
|
|
- $openssl="$pwd/$openssl" if (!-x $openssl);
|
|
|
- chdir $pwd;
|
|
|
+ chdir $dirlist[0];
|
|
|
+ $openssl="$pwd/$openssl" if (!-x $openssl);
|
|
|
+ chdir $pwd;
|
|
|
}
|
|
|
|
|
|
foreach (@dirlist) {
|
|
|
- if (-d $_ ) {
|
|
|
- if ( -w $_) {
|
|
|
- hash_dir($_);
|
|
|
- } else {
|
|
|
- print "Skipping $_, can't write\n";
|
|
|
- $errorcount++;
|
|
|
- }
|
|
|
- }
|
|
|
+ if (-d $_ ) {
|
|
|
+ if ( -w $_) {
|
|
|
+ hash_dir($_);
|
|
|
+ } else {
|
|
|
+ print "Skipping $_, can't write\n";
|
|
|
+ $errorcount++;
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
exit($errorcount);
|
|
|
|
|
|
sub hash_dir {
|
|
|
- my %hashlist;
|
|
|
- print "Doing $_[0]\n";
|
|
|
- chdir $_[0];
|
|
|
- opendir(DIR, ".");
|
|
|
- my @flist = sort readdir(DIR);
|
|
|
- closedir DIR;
|
|
|
- if ( $removelinks ) {
|
|
|
- # Delete any existing symbolic links
|
|
|
- foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
|
|
- if (-l $_) {
|
|
|
- print "unlink $_" if $verbose;
|
|
|
- unlink $_ || warn "Can't unlink $_, $!\n";
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
|
|
|
- # Check to see if certificates and/or CRLs present.
|
|
|
- my ($cert, $crl) = check_file($fname);
|
|
|
- if (!$cert && !$crl) {
|
|
|
- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
|
|
|
- next;
|
|
|
- }
|
|
|
- link_hash_cert($fname) if ($cert);
|
|
|
- link_hash_crl($fname) if ($crl);
|
|
|
- }
|
|
|
+ my %hashlist;
|
|
|
+ print "Doing $_[0]\n";
|
|
|
+ chdir $_[0];
|
|
|
+ opendir(DIR, ".");
|
|
|
+ my @flist = sort readdir(DIR);
|
|
|
+ closedir DIR;
|
|
|
+ if ( $removelinks ) {
|
|
|
+ # Delete any existing symbolic links
|
|
|
+ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
|
|
+ if (-l $_) {
|
|
|
+ print "unlink $_" if $verbose;
|
|
|
+ unlink $_ || warn "Can't unlink $_, $!\n";
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
|
|
|
+ # Check to see if certificates and/or CRLs present.
|
|
|
+ my ($cert, $crl) = check_file($fname);
|
|
|
+ if (!$cert && !$crl) {
|
|
|
+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
|
|
|
+ next;
|
|
|
+ }
|
|
|
+ link_hash_cert($fname) if ($cert);
|
|
|
+ link_hash_crl($fname) if ($crl);
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
sub check_file {
|
|
|
- my ($is_cert, $is_crl) = (0,0);
|
|
|
- my $fname = $_[0];
|
|
|
- open IN, $fname;
|
|
|
- while(<IN>) {
|
|
|
- if (/^-----BEGIN (.*)-----/) {
|
|
|
- my $hdr = $1;
|
|
|
- if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
|
|
- $is_cert = 1;
|
|
|
- last if ($is_crl);
|
|
|
- } elsif ($hdr eq "X509 CRL") {
|
|
|
- $is_crl = 1;
|
|
|
- last if ($is_cert);
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- close IN;
|
|
|
- return ($is_cert, $is_crl);
|
|
|
+ my ($is_cert, $is_crl) = (0,0);
|
|
|
+ my $fname = $_[0];
|
|
|
+ open IN, $fname;
|
|
|
+ while(<IN>) {
|
|
|
+ if (/^-----BEGIN (.*)-----/) {
|
|
|
+ my $hdr = $1;
|
|
|
+ if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
|
|
+ $is_cert = 1;
|
|
|
+ last if ($is_crl);
|
|
|
+ } elsif ($hdr eq "X509 CRL") {
|
|
|
+ $is_crl = 1;
|
|
|
+ last if ($is_cert);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ close IN;
|
|
|
+ return ($is_cert, $is_crl);
|
|
|
}
|
|
|
|
|
|
|
|
@@ -160,72 +160,72 @@ sub check_file {
|
|
|
# certificate fingerprints
|
|
|
|
|
|
sub link_hash_cert {
|
|
|
- my $fname = $_[0];
|
|
|
- $fname =~ s/\"/\\\"/g;
|
|
|
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
|
|
- chomp $hash;
|
|
|
- chomp $fprint;
|
|
|
- $fprint =~ s/^.*=//;
|
|
|
- $fprint =~ tr/://d;
|
|
|
- my $suffix = 0;
|
|
|
- # Search for an unused hash filename
|
|
|
- while(exists $hashlist{"$hash.$suffix"}) {
|
|
|
- # Hash matches: if fingerprint matches its a duplicate cert
|
|
|
- if ($hashlist{"$hash.$suffix"} eq $fprint) {
|
|
|
- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
|
|
|
- return;
|
|
|
- }
|
|
|
- $suffix++;
|
|
|
- }
|
|
|
- $hash .= ".$suffix";
|
|
|
- if ($symlink_exists) {
|
|
|
- print "link $fname -> $hash\n" if $verbose;
|
|
|
- symlink $fname, $hash || warn "Can't symlink, $!";
|
|
|
- } else {
|
|
|
- print "copy $fname -> $hash\n" if $verbose;
|
|
|
- if (open($in, "<", $fname)) {
|
|
|
- if (open($out,">", $hash)) {
|
|
|
- print $out $_ while (<$in>);
|
|
|
- close $out;
|
|
|
- } else {
|
|
|
- warn "can't open $hash for write, $!";
|
|
|
- }
|
|
|
- close $in;
|
|
|
- } else {
|
|
|
- warn "can't open $fname for read, $!";
|
|
|
- }
|
|
|
- }
|
|
|
- $hashlist{$hash} = $fprint;
|
|
|
+ my $fname = $_[0];
|
|
|
+ $fname =~ s/\"/\\\"/g;
|
|
|
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
|
|
+ chomp $hash;
|
|
|
+ chomp $fprint;
|
|
|
+ $fprint =~ s/^.*=//;
|
|
|
+ $fprint =~ tr/://d;
|
|
|
+ my $suffix = 0;
|
|
|
+ # Search for an unused hash filename
|
|
|
+ while(exists $hashlist{"$hash.$suffix"}) {
|
|
|
+ # Hash matches: if fingerprint matches its a duplicate cert
|
|
|
+ if ($hashlist{"$hash.$suffix"} eq $fprint) {
|
|
|
+ print STDERR "WARNING: Skipping duplicate certificate $fname\n";
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ $suffix++;
|
|
|
+ }
|
|
|
+ $hash .= ".$suffix";
|
|
|
+ if ($symlink_exists) {
|
|
|
+ print "link $fname -> $hash\n" if $verbose;
|
|
|
+ symlink $fname, $hash || warn "Can't symlink, $!";
|
|
|
+ } else {
|
|
|
+ print "copy $fname -> $hash\n" if $verbose;
|
|
|
+ if (open($in, "<", $fname)) {
|
|
|
+ if (open($out,">", $hash)) {
|
|
|
+ print $out $_ while (<$in>);
|
|
|
+ close $out;
|
|
|
+ } else {
|
|
|
+ warn "can't open $hash for write, $!";
|
|
|
+ }
|
|
|
+ close $in;
|
|
|
+ } else {
|
|
|
+ warn "can't open $fname for read, $!";
|
|
|
+ }
|
|
|
+ }
|
|
|
+ $hashlist{$hash} = $fprint;
|
|
|
}
|
|
|
|
|
|
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
|
|
|
|
|
|
sub link_hash_crl {
|
|
|
- my $fname = $_[0];
|
|
|
- $fname =~ s/'/'\\''/g;
|
|
|
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
|
|
- chomp $hash;
|
|
|
- chomp $fprint;
|
|
|
- $fprint =~ s/^.*=//;
|
|
|
- $fprint =~ tr/://d;
|
|
|
- my $suffix = 0;
|
|
|
- # Search for an unused hash filename
|
|
|
- while(exists $hashlist{"$hash.r$suffix"}) {
|
|
|
- # Hash matches: if fingerprint matches its a duplicate cert
|
|
|
- if ($hashlist{"$hash.r$suffix"} eq $fprint) {
|
|
|
- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
|
|
|
- return;
|
|
|
- }
|
|
|
- $suffix++;
|
|
|
- }
|
|
|
- $hash .= ".r$suffix";
|
|
|
- if ($symlink_exists) {
|
|
|
- print "link $fname -> $hash\n" if $verbose;
|
|
|
- symlink $fname, $hash || warn "Can't symlink, $!";
|
|
|
- } else {
|
|
|
- print "cp $fname -> $hash\n" if $verbose;
|
|
|
- system ("cp", $fname, $hash);
|
|
|
- warn "Can't copy, $!" if ($? >> 8) != 0;
|
|
|
- }
|
|
|
- $hashlist{$hash} = $fprint;
|
|
|
+ my $fname = $_[0];
|
|
|
+ $fname =~ s/'/'\\''/g;
|
|
|
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
|
|
+ chomp $hash;
|
|
|
+ chomp $fprint;
|
|
|
+ $fprint =~ s/^.*=//;
|
|
|
+ $fprint =~ tr/://d;
|
|
|
+ my $suffix = 0;
|
|
|
+ # Search for an unused hash filename
|
|
|
+ while(exists $hashlist{"$hash.r$suffix"}) {
|
|
|
+ # Hash matches: if fingerprint matches its a duplicate cert
|
|
|
+ if ($hashlist{"$hash.r$suffix"} eq $fprint) {
|
|
|
+ print STDERR "WARNING: Skipping duplicate CRL $fname\n";
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ $suffix++;
|
|
|
+ }
|
|
|
+ $hash .= ".r$suffix";
|
|
|
+ if ($symlink_exists) {
|
|
|
+ print "link $fname -> $hash\n" if $verbose;
|
|
|
+ symlink $fname, $hash || warn "Can't symlink, $!";
|
|
|
+ } else {
|
|
|
+ print "cp $fname -> $hash\n" if $verbose;
|
|
|
+ system ("cp", $fname, $hash);
|
|
|
+ warn "Can't copy, $!" if ($? >> 8) != 0;
|
|
|
+ }
|
|
|
+ $hashlist{$hash} = $fprint;
|
|
|
}
|