From bc0dabd4e1a01c82d1011855caaf60a3cd6cab84 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 10 Feb 2015 15:29:34 +0000
Subject: Introduce an openssl(1) certhash command.

This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.

certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.

Further testing and improvements will happen in tree.

Discussed with tedu@
---
 src/usr.bin/openssl/progs.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/usr.bin/openssl/progs.h')

diff --git a/src/usr.bin/openssl/progs.h b/src/usr.bin/openssl/progs.h
index 6f957c6f7c..e1494e1147 100644
--- a/src/usr.bin/openssl/progs.h
+++ b/src/usr.bin/openssl/progs.h
@@ -1,8 +1,9 @@
-/* $OpenBSD: progs.h,v 1.1 2014/08/26 17:47:25 jsing Exp $ */
+/* $OpenBSD: progs.h,v 1.2 2015/02/10 15:29:34 jsing Exp $ */
 /* Public domain */
 
 extern int asn1parse_main(int argc, char *argv[]);
 extern int ca_main(int argc, char *argv[]);
+extern int certhash_main(int argc, char *argv[]);
 extern int ciphers_main(int argc, char *argv[]);
 extern int cms_main(int argc, char *argv[]);
 extern int crl2pkcs7_main(int argc, char *argv[]);
@@ -66,6 +67,7 @@ FUNCTION functions[] = {
 	/* General functions. */
 	{ FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main },
 	{ FUNC_TYPE_GENERAL, "ca", ca_main },
+	{ FUNC_TYPE_GENERAL, "certhash", certhash_main },
 	{ FUNC_TYPE_GENERAL, "ciphers", ciphers_main },
 #ifndef OPENSSL_NO_CMS
 	{ FUNC_TYPE_GENERAL, "cms", cms_main },
-- 
cgit v1.2.3-55-g6feb