[Pkg-openssl-changes] r190 - in openssl/trunk: debian doc/apps tools

Thu Nov 30 22:17:45 CET 2006

Author: kroeckx
Date: 2006-11-30 22:17:45 +0100 (Thu, 30 Nov 2006)
New Revision: 190

Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/doc/apps/c_rehash.pod
   openssl/trunk/tools/c_rehash
   openssl/trunk/tools/c_rehash.in
Log:
Make c_rehash look for both .pem and .crt files.  Also make it support
files in DER format.  Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
(Closes: #387089)


Modified: openssl/trunk/debian/changelog
===================================================================

--- openssl/trunk/debian/changelog	2006-11-30 21:14:39 UTC (rev 189)
+++ openssl/trunk/debian/changelog	2006-11-30 21:17:45 UTC (rev 190)
@@ -2,6 +2,9 @@
 
  * Add German debconf translation.  Thanks to
    Johannes Starosta <feedback-an-johannes at arcor.de> (Closes: #388108)
+ * Make c_rehash look for both .pem and .crt files.  Also make it support
+   files in DER format.  Patch by "Yauheni Kaliuta" <y.kaliuta at gmail.com>
+   (Closes: #387089)
 
  -- Kurt Roeckx <kurt at roeckx.be>  Thu, 30 Nov 2006 20:57:46 +0000
 

Modified: openssl/trunk/doc/apps/c_rehash.pod
===================================================================
--- openssl/trunk/doc/apps/c_rehash.pod	2006-11-30 21:14:39 UTC (rev 189)
+++ openssl/trunk/doc/apps/c_rehash.pod	2006-11-30 21:17:45 UTC (rev 190)
@@ -12,7 +12,7 @@
 
 =head1 DESCRIPTION
 
-c_rehash scans directories and takes a hash value of each .pem file in the directory. It then creates symbolic links for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require. 
+c_rehash scans directories and takes a hash value of each .pem and .crt file in the directory. It then creates symbolic links for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require. 
 
 If any directories are named on the command line then these directories are processed in turn. If not then and the environment variable SSL_CERT_DIR is defined then that is consulted. This variable should be a colon (:) separated list of directories, all of which will be processed. If neither of these conditions are true then /usr/lib/ssl/certs is processed. 
 

Modified: openssl/trunk/tools/c_rehash
===================================================================
--- openssl/trunk/tools/c_rehash	2006-11-30 21:14:39 UTC (rev 189)
+++ openssl/trunk/tools/c_rehash	2006-11-30 21:17:45 UTC (rev 190)
@@ -59,12 +59,15 @@
 		}
 	}
 	closedir DIR;
-	FILE: foreach $fname (grep {/\.pem$/} @flist) {
+	FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
 		# Check to see if certificates and/or CRLs present.
 		my ($cert, $crl) = check_file($fname);
 		if(!$cert && !$crl) {
-			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-			next;
+			($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der  -outform pem | ");
+			if(!$cert && !$crl) {
+				print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+				next;
+			}
 		}
 		link_hash_cert($fname) if($cert);
 		link_hash_crl($fname) if($crl);
@@ -102,6 +105,9 @@
 		my $fname = $_[0];
 		$fname =~ s/'/'\\''/g;
 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+		if(!$hash || !fprint) {
+			($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname' -inform der`;
+		}
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;

Modified: openssl/trunk/tools/c_rehash.in
===================================================================
--- openssl/trunk/tools/c_rehash.in	2006-11-30 21:14:39 UTC (rev 189)
+++ openssl/trunk/tools/c_rehash.in	2006-11-30 21:17:45 UTC (rev 190)
@@ -59,12 +59,15 @@
 		}
 	}
 	closedir DIR;
-	FILE: foreach $fname (grep {/\.pem$/} @flist) {
+	FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
 		# Check to see if certificates and/or CRLs present.
 		my ($cert, $crl) = check_file($fname);
 		if(!$cert && !$crl) {
-			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-			next;
+			($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der  -outform pem | ");
+			if(!$cert && !$crl) {
+				print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+				next;
+			}
 		}
 		link_hash_cert($fname) if($cert);
 		link_hash_crl($fname) if($crl);
@@ -102,6 +105,9 @@
 		my $fname = $_[0];
 		$fname =~ s/'/'\\''/g;
 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+		if(!$hash || !fprint) {
+			($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname' -inform der`;
+		}
 		chomp $hash;
 		chomp $fprint;
 		$fprint =~ s/^.*=//;


