head 1.3; access; symbols perseant-exfatfs-base-20250801:1.3 perseant-exfatfs-base-20240630:1.3 perseant-exfatfs:1.3.0.24 perseant-exfatfs-base:1.3 cjep_sun2x:1.3.0.22 cjep_sun2x-base:1.3 cjep_staticlib_x-base1:1.3 cjep_staticlib_x:1.3.0.20 cjep_staticlib_x-base:1.3 phil-wifi-20200421:1.3 phil-wifi-20200411:1.3 phil-wifi-20200406:1.3 pgoyette-compat-merge-20190127:1.3 pgoyette-compat-20190127:1.3 pgoyette-compat-20190118:1.3 pgoyette-compat-1226:1.3 pgoyette-compat-1126:1.3 pgoyette-compat-1020:1.3 pgoyette-compat-0930:1.3 pgoyette-compat-0906:1.3 pgoyette-compat-0728:1.3 pgoyette-compat-0625:1.3 pgoyette-compat-0521:1.3 pgoyette-compat-0502:1.3 pgoyette-compat-0422:1.3 pgoyette-compat-0415:1.3 pgoyette-compat-0407:1.3 pgoyette-compat-0330:1.3 pgoyette-compat-0322:1.3 pgoyette-compat-0315:1.3 pgoyette-compat:1.3.0.18 pgoyette-compat-base:1.3 perseant-stdc-iso10646:1.3.0.16 perseant-stdc-iso10646-base:1.3 prg-localcount2-base3:1.3 prg-localcount2-base2:1.3 prg-localcount2-base1:1.3 prg-localcount2:1.3.0.14 prg-localcount2-base:1.3 pgoyette-localcount-20170426:1.3 bouyer-socketcan-base1:1.3 pgoyette-localcount-20170320:1.3 bouyer-socketcan:1.3.0.12 bouyer-socketcan-base:1.3 pgoyette-localcount-20170107:1.3 pgoyette-localcount-20161104:1.3 localcount-20160914:1.3 pgoyette-localcount-20160806:1.3 pgoyette-localcount-20160726:1.3 pgoyette-localcount:1.3.0.10 pgoyette-localcount-base:1.3 netbsd-5-2-3-RELEASE:1.1.1.13 netbsd-5-1-5-RELEASE:1.1.1.13 yamt-pagecache-base9:1.3 yamt-pagecache-tag8:1.3 tls-earlyentropy:1.3.0.6 tls-earlyentropy-base:1.3 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.3 riastradh-drm2-base3:1.3 netbsd-5-2-2-RELEASE:1.1.1.13 netbsd-5-1-4-RELEASE:1.1.1.13 netbsd-5-2-1-RELEASE:1.1.1.13 netbsd-5-1-3-RELEASE:1.1.1.13 agc-symver:1.3.0.8 agc-symver-base:1.3 tls-maxphys-base:1.3 yamt-pagecache-base8:1.3 netbsd-5-2:1.1.1.13.0.2 yamt-pagecache-base7:1.3 netbsd-5-2-RELEASE:1.1.1.13 netbsd-5-2-RC1:1.1.1.13 yamt-pagecache-base6:1.3 yamt-pagecache-base5:1.3 yamt-pagecache-base4:1.3 netbsd-5-1-2-RELEASE:1.1.1.13 netbsd-5-1-1-RELEASE:1.1.1.13 yamt-pagecache-base3:1.3 yamt-pagecache-base2:1.3 yamt-pagecache:1.3.0.4 yamt-pagecache-base:1.3 bouyer-quota2-nbase:1.3 bouyer-quota2:1.3.0.2 bouyer-quota2-base:1.3 matt-nb5-mips64-premerge-20101231:1.1.1.13 matt-nb5-pq3:1.1.1.13.0.14 matt-nb5-pq3-base:1.1.1.13 netbsd-5-1:1.1.1.13.0.12 netbsd-5-1-RELEASE:1.1.1.13 netbsd-5-1-RC4:1.1.1.13 matt-nb5-mips64-k15:1.1.1.13 netbsd-5-1-RC3:1.1.1.13 netbsd-5-1-RC2:1.1.1.13 netbsd-5-1-RC1:1.1.1.13 netbsd-5-0-2-RELEASE:1.1.1.13 matt-nb5-mips64-premerge-20091211:1.1.1.13 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.1.1.13 matt-nb4-mips64-k7-u2a-k9b:1.1.1.13 matt-nb5-mips64-u1-k1-k5:1.1.1.13 matt-nb5-mips64:1.1.1.13.0.10 netbsd-5-0-1-RELEASE:1.1.1.13 jym-xensuspend-nbase:1.1.1.13 netbsd-5-0:1.1.1.13.0.8 netbsd-5-0-RELEASE:1.1.1.13 netbsd-5-0-RC4:1.1.1.13 netbsd-5-0-RC3:1.1.1.13 netbsd-5-0-RC2:1.1.1.13 jym-xensuspend:1.1.1.13.0.6 jym-xensuspend-base:1.1.1.13 netbsd-5-0-RC1:1.1.1.13 netbsd-5:1.1.1.13.0.4 netbsd-5-base:1.1.1.13 matt-mips64-base2:1.1.1.13 matt-mips64:1.1.1.12.0.14 netbsd-4-0-1-RELEASE:1.1.1.11.2.1 wrstuden-revivesa-base-3:1.1.1.13 wrstuden-revivesa-base-2:1.1.1.13 wrstuden-fixsa-newbase:1.1.1.11.2.1 wrstuden-revivesa-base-1:1.1.1.13 yamt-pf42-base4:1.1.1.13 yamt-pf42-base3:1.1.1.13 hpcarm-cleanup-nbase:1.1.1.13 yamt-pf42-baseX:1.1.1.12 yamt-pf42-base2:1.1.1.13 OPENSSL_SNAP_20080509:1.1.1.13 wrstuden-revivesa:1.1.1.12.0.12 wrstuden-revivesa-base:1.1.1.13 yamt-pf42:1.1.1.12.0.10 yamt-pf42-base:1.1.1.12 keiichi-mipv6:1.1.1.12.0.8 keiichi-mipv6-base:1.1.1.12 matt-armv6-nbase:1.1.1.12 matt-armv6-prevmlocking:1.1.1.12 wrstuden-fixsa-base-1:1.1.1.11.2.1 netbsd-4-0:1.1.1.11.2.1.0.2 netbsd-4-0-RELEASE:1.1.1.11.2.1 cube-autoconf:1.1.1.12.0.6 cube-autoconf-base:1.1.1.12 netbsd-4-0-RC5:1.1.1.11.2.1 netbsd-4-0-RC4:1.1.1.11.2.1 netbsd-4-0-RC3:1.1.1.11.2.1 netbsd-4-0-RC2:1.1.1.11.2.1 netbsd-4-0-RC1:1.1.1.11.2.1 matt-armv6:1.1.1.12.0.4 matt-armv6-base:1.1.1.12 matt-mips64-base:1.1.1.12 hpcarm-cleanup:1.1.1.12.0.2 hpcarm-cleanup-base:1.1.1.12 netbsd-3-1-1-RELEASE:1.1.1.7 netbsd-3-0-3-RELEASE:1.1.1.7 wrstuden-fixsa:1.1.1.11.0.4 wrstuden-fixsa-base:1.1.1.11.2.1 openssl_0_9_8e:1.1.1.12 abandoned-netbsd-4-base:1.1.1.10 abandoned-netbsd-4:1.1.1.10.0.2 openssl_0_9_8d:1.1.1.11 netbsd-3-1:1.1.1.7.0.12 netbsd-3-1-RELEASE:1.1.1.7 netbsd-3-0-2-RELEASE:1.1.1.7 netbsd-3-1-RC4:1.1.1.7 netbsd-3-1-RC3:1.1.1.7 netbsd-3-1-RC2:1.1.1.7 netbsd-3-1-RC1:1.1.1.7 netbsd-4:1.1.1.11.0.2 netbsd-4-base:1.1.1.11 netbsd-3-0-1-RELEASE:1.1.1.7 openssl_0_9_8b:1.1.1.10 netbsd-3-0:1.1.1.7.0.10 netbsd-3-0-RELEASE:1.1.1.7 netbsd-3-0-RC6:1.1.1.7 netbsd-3-0-RC5:1.1.1.7 netbsd-3-0-RC4:1.1.1.7 openssl_0_9_8a:1.1.1.9 netbsd-3-0-RC3:1.1.1.7 netbsd-3-0-RC2:1.1.1.7 netbsd-3-0-RC1:1.1.1.7 netbsd-2-0-3-RELEASE:1.1.1.7 netbsd-2-1:1.1.1.7.0.8 netbsd-2-1-RELEASE:1.1.1.7 netbsd-2-1-RC6:1.1.1.7 netbsd-2-1-RC5:1.1.1.7 netbsd-2-1-RC4:1.1.1.7 netbsd-2-1-RC3:1.1.1.7 netbsd-2-1-RC2:1.1.1.7 netbsd-2-1-RC1:1.1.1.7 openssl_0_9_7g:1.1.1.8 openssl_0_9_7f:1.1.1.8 netbsd-2-0-2-RELEASE:1.1.1.7 netbsd-3:1.1.1.7.0.6 netbsd-3-base:1.1.1.7 netbsd-2-0-1-RELEASE:1.1.1.7 netbsd-2:1.1.1.7.0.4 netbsd-2-base:1.1.1.7 netbsd-2-0-RELEASE:1.1.1.7 netbsd-2-0-RC5:1.1.1.7 netbsd-2-0-RC4:1.1.1.7 netbsd-2-0-RC3:1.1.1.7 netbsd-2-0-RC2:1.1.1.7 netbsd-2-0-RC1:1.1.1.7 netbsd-2-0:1.1.1.7.0.2 netbsd-2-0-base:1.1.1.7 openssl_0_9_7d:1.1.1.7 netbsd-1-6-PATCH002-RELEASE:1.1.1.2.2.2 netbsd-1-6-PATCH002:1.1.1.2.2.2 netbsd-1-6-PATCH002-RC4:1.1.1.2.2.2 netbsd-1-6-PATCH002-RC3:1.1.1.2.2.2 netbsd-1-6-PATCH002-RC2:1.1.1.2.2.2 openssl_0_9_7c:1.1.1.6 netbsd-1-6-PATCH002-RC1:1.1.1.2.2.2 openssl_0_9_7b:1.1.1.5 netbsd-1-6-PATCH001:1.1.1.2.2.2 netbsd-1-6-PATCH001-RELEASE:1.1.1.2.2.2 netbsd-1-6-PATCH001-RC3:1.1.1.2.2.2 netbsd-1-6-PATCH001-RC2:1.1.1.2.2.2 netbsd-1-6-PATCH001-RC1:1.1.1.2.2.2 fvdl_fs64_base:1.1.1.4 netbsd-1-6-RELEASE:1.1.1.2.2.2 netbsd-1-6-RC3:1.1.1.2.2.2 netbsd-1-6-RC2:1.1.1.2.2.2 netbsd-1-6-RC1:1.1.1.2.2.2 openssl_0_9_6g:1.1.1.4 openssl_0_9_6f:1.1.1.4 openssl_0_9_6e:1.1.1.3 openssl_0_9_6d:1.1.1.2 netbsd-1-6:1.1.1.2.0.2 netbsd-1-6-base:1.1.1.2 netbsd-1-5-PATCH003:1.1.1.1 netbsd-1-5-PATCH002:1.1.1.1 openssl_0_9_6b:1.1.1.2 netbsd-1-5-PATCH001:1.1.1.1 openssl_0_9_6a:1.1.1.2 netbsd-1-5-RELEASE:1.1.1.1 netbsd-1-5-BETA2:1.1.1.1 netbsd-1-5-BETA:1.1.1.1 netbsd-1-5-ALPHA2:1.1.1.1 mrg-post-merge-openssl_0_9_5a:1.1.1.1 openssl_0_9_5a:1.1.1.1 minoura-xpg4dl:1.1.1.1.0.4 minoura-xpg4dl-base:1.1.1.1 netbsd-1-5:1.1.1.1.0.2 netbsd-1-5-base:1.1.1.1 openssl_0_9_4-netbsd-cryptosrc-intl:1.1.1.1 OPENSSL:1.1.1; locks; strict; comment @# @; 1.3 date 2009.07.20.22.56.58; author christos; state dead; branches; next 1.2; 1.2 date 2009.06.23.14.08.02; author christos; state Exp; branches; next 1.1; 1.1 date 2000.06.14.22.44.20; author thorpej; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2000.06.14.22.44.20; author thorpej; state Exp; branches 1.1.1.1.2.1 1.1.1.1.4.1; next 1.1.1.2; 1.1.1.2 date 2001.04.12.03.12.06; author itojun; state Exp; branches 1.1.1.2.2.1; next 1.1.1.3; 1.1.1.3 date 2002.07.31.00.11.02; author itojun; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2002.08.08.23.22.33; author itojun; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2003.07.24.08.29.39; author itojun; state Exp; branches; next 1.1.1.6; 1.1.1.6 date 2003.11.04.23.26.15; author itojun; state Exp; branches; next 1.1.1.7; 1.1.1.7 date 2004.03.20.04.24.01; author groo; state Exp; branches; next 1.1.1.8; 1.1.1.8 date 2005.03.25.19.11.42; author christos; state Exp; branches; next 1.1.1.9; 1.1.1.9 date 2005.11.25.03.10.10; author christos; state Exp; branches; next 1.1.1.10; 1.1.1.10 date 2006.06.03.01.45.42; author christos; state Exp; branches; next 1.1.1.11; 1.1.1.11 date 2006.11.13.21.22.23; author christos; state Exp; branches 1.1.1.11.2.1 1.1.1.11.4.1; next 1.1.1.12; 1.1.1.12 date 2007.03.06.21.21.35; author mjf; state Exp; branches 1.1.1.12.10.1 1.1.1.12.12.1; next 1.1.1.13; 1.1.1.13 date 2008.05.09.21.34.47; author christos; state Exp; branches; next ; 1.1.1.1.2.1 date 2002.08.29.16.48.23; author he; state Exp; branches; next ; 1.1.1.1.4.1 date 2000.06.14.22.44.20; author thorpej; state dead; branches; next 1.1.1.1.4.2; 1.1.1.1.4.2 date 2000.06.14.22.44.21; author thorpej; state Exp; branches; next ; 1.1.1.2.2.1 date 2002.08.02.12.05.23; author lukem; state Exp; branches; next 1.1.1.2.2.2; 1.1.1.2.2.2 date 2002.08.09.23.48.05; author lukem; state Exp; branches; next ; 1.1.1.11.2.1 date 2007.08.25.17.53.05; author liamjfoy; state Exp; branches; next ; 1.1.1.11.4.1 date 2007.09.03.06.52.52; author wrstuden; state Exp; branches; next ; 1.1.1.12.10.1 date 2008.05.18.12.29.09; author yamt; state Exp; branches; next ; 1.1.1.12.12.1 date 2008.06.23.04.27.01; author wrstuden; state Exp; branches; next ; desc @@ 1.3 log @Don't lets this linger around forever. Causes hidden bugs. @ text @#!/usr/pkg/bin/perl # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. my $openssl; my $dir = "/usr/local/ssl"; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; } else { $openssl = "openssl"; $ENV{OPENSSL} = $openssl; } my $pwd; eval "require Cwd"; if (defined(&Cwd::getcwd)) { $pwd=Cwd::getcwd(); } else { $pwd=`pwd`; chomp($pwd); } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? $ENV{PATH} .= "$path_delim$dir/bin"; if(! -x $openssl) { my $found = 0; foreach (split /$path_delim/, $ENV{PATH}) { if(-x "$_/$openssl") { $found = 1; $openssl = "$_/$openssl"; last; } } if($found == 0) { print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; exit 0; } } if(@@ARGV) { @@dirlist = @@ARGV; } elsif($ENV{SSL_CERT_DIR}) { @@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; } else { $dirlist[0] = "$dir/certs"; } if (-d $dirlist[0]) { chdir $dirlist[0]; $openssl="$pwd/$openssl" if (!-x $openssl); chdir $pwd; } foreach (@@dirlist) { if(-d $_ and -w $_) { hash_dir($_); } } sub hash_dir { my %hashlist; print "Doing $_[0]\n"; chdir $_[0]; opendir(DIR, "."); my @@flist = readdir(DIR); # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; } } closedir DIR; FILE: foreach $fname (grep {/\.pem$/} @@flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; next; } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); } } sub check_file { my ($is_cert, $is_crl) = (0,0); my $fname = $_[0]; open IN, $fname; while() { if(/^-----BEGIN (.*)-----/) { my $hdr = $1; if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { $is_cert = 1; last if($is_crl); } elsif($hdr eq "X509 CRL") { $is_crl = 1; last if($is_cert); } } } close IN; return ($is_cert, $is_crl); } # Link a certificate to its subject name hash value, each hash is of # the form . where n is an integer. If the hash value already exists # then we need to up the value of n, unless its a duplicate in which # case we skip the link. We check for duplicates by comparing the # certificate fingerprints sub link_hash_cert { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate certificate $fname\n"; return; } $suffix++; } $hash .= ".$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { open IN,"<$fname" or die "can't open $fname for read"; open OUT,">$hash" or die "can't open $hash for write"; print OUT ; # does the job for small text files close OUT; close IN; } $hashlist{$hash} = $fprint; } # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.r$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.r$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate CRL $fname\n"; return; } $suffix++; } $hash .= ".r$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } @ 1.2 log @PR/41628: Jukka Salmi: OpenSSL's c_rehash can't find openssl binary @ text @@ 1.1 log @Initial revision @ text @d1 179 a179 61 #!/bin/sh # # redo the hashes for the certificates in your cert path or the ones passed # on the command line. # if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then OPENSSL='openssl' export OPENSSL fi DIR=/usr/local/ssl PATH=$DIR/bin:$PATH if [ ! -f "$OPENSSL" ]; then found=0 for dir in . `echo $PATH | sed -e 's/:/ /g'`; do if [ -f "$dir/$OPENSSL" ]; then found=1 break fi done if [ $found = 0 ]; then echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2 exit 0 fi fi SSL_DIR=$DIR/certs if [ "$*" = "" ]; then CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}} else CERTS=$* fi IFS=': ' for i in $CERTS do ( IFS=' ' if [ -d $i -a -w $i ]; then cd $i echo "Doing $i" for i in *.pem do if [ $i != '*.pem' ]; then h=`$OPENSSL x509 -hash -noout -in $i` if [ "x$h" = "x" ]; then echo $i does not contain a certificate else if [ -f $h.0 ]; then /bin/rm -f $h.0 fi echo "$i => $h.0" ln -s $i $h.0 fi fi done fi ) done @ 1.1.1.1 log @Import OpenSSL 0.9.4 from netbsd-cryptosrc-intl. @ text @@ 1.1.1.1.4.1 log @file c_rehash was added on branch minoura-xpg4dl on 2000-06-14 22:44:21 +0000 @ text @d1 61 @ 1.1.1.1.4.2 log @Import OpenSSL 0.9.4 from netbsd-cryptosrc-intl. @ text @a0 61 #!/bin/sh # # redo the hashes for the certificates in your cert path or the ones passed # on the command line. # if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then OPENSSL='openssl' export OPENSSL fi DIR=/usr/local/ssl PATH=$DIR/bin:$PATH if [ ! -f "$OPENSSL" ]; then found=0 for dir in . `echo $PATH | sed -e 's/:/ /g'`; do if [ -f "$dir/$OPENSSL" ]; then found=1 break fi done if [ $found = 0 ]; then echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2 exit 0 fi fi SSL_DIR=$DIR/certs if [ "$*" = "" ]; then CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}} else CERTS=$* fi IFS=': ' for i in $CERTS do ( IFS=' ' if [ -d $i -a -w $i ]; then cd $i echo "Doing $i" for i in *.pem do if [ $i != '*.pem' ]; then h=`$OPENSSL x509 -hash -noout -in $i` if [ "x$h" = "x" ]; then echo $i does not contain a certificate else if [ -f $h.0 ]; then /bin/rm -f $h.0 fi echo "$i => $h.0" ln -s $i $h.0 fi fi done fi ) done @ 1.1.1.1.2.1 log @Pull up revisions 1.1.1.2-1.1.1.4 (requested by itojun,he): Update OpenSSL to version 0.9.6g. Includes major version bump for libcrypto and all the dependent libraries. @ text @d1 61 a61 158 #!/usr/local/bin/perl # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. my $openssl; my $dir = "/usr/local/ssl"; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; } else { $openssl = "openssl"; $ENV{OPENSSL} = $openssl; } $ENV{PATH} .= ":$dir/bin"; if(! -f $openssl) { my $found = 0; foreach (split /:/, $ENV{PATH}) { if(-f "$_/$openssl") { $found = 1; last; } } if($found == 0) { print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; exit 0; } } if(@@ARGV) { @@dirlist = @@ARGV; } elsif($ENV{SSL_CERT_DIR}) { @@dirlist = split /:/, $ENV{SSL_CERT_DIR}; } else { $dirlist[0] = "$dir/certs"; } foreach (@@dirlist) { if(-d $_ and -w $_) { hash_dir($_); } } sub hash_dir { my %hashlist; print "Doing $_[0]\n"; chdir $_[0]; opendir(DIR, "."); my @@flist = readdir(DIR); # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; } } closedir DIR; FILE: foreach $fname (grep {/\.pem$/} @@flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; next; } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); } } sub check_file { my ($is_cert, $is_crl) = (0,0); my $fname = $_[0]; open IN, $fname; while() { if(/^-----BEGIN (.*)-----/) { my $hdr = $1; if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { $is_cert = 1; last if($is_crl); } elsif($hdr eq "X509 CRL") { $is_crl = 1; last if($is_cert); } } } close IN; return ($is_cert, $is_crl); } # Link a certificate to its subject name hash value, each hash is of # the form . where n is an integer. If the hash value already exists # then we need to up the value of n, unless its a duplicate in which # case we skip the link. We check for duplicates by comparing the # certificate fingerprints sub link_hash_cert { my $fname = $_[0]; my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate certificate $fname\n"; return; } $suffix++; } $hash .= ".$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { my $fname = $_[0]; my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.r$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.r$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate CRL $fname\n"; return; } $suffix++; } $hash .= ".r$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } @ 1.1.1.2 log @OpenSSL 0.9.6a @ text @d1 61 a61 158 #!/usr/local/bin/perl # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. my $openssl; my $dir = "/usr/local/ssl"; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; } else { $openssl = "openssl"; $ENV{OPENSSL} = $openssl; } $ENV{PATH} .= ":$dir/bin"; if(! -f $openssl) { my $found = 0; foreach (split /:/, $ENV{PATH}) { if(-f "$_/$openssl") { $found = 1; last; } } if($found == 0) { print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; exit 0; } } if(@@ARGV) { @@dirlist = @@ARGV; } elsif($ENV{SSL_CERT_DIR}) { @@dirlist = split /:/, $ENV{SSL_CERT_DIR}; } else { $dirlist[0] = "$dir/certs"; } foreach (@@dirlist) { if(-d $_ and -w $_) { hash_dir($_); } } sub hash_dir { my %hashlist; print "Doing $_[0]\n"; chdir $_[0]; opendir(DIR, "."); my @@flist = readdir(DIR); # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; } } closedir DIR; FILE: foreach $fname (grep {/\.pem$/} @@flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; next; } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); } } sub check_file { my ($is_cert, $is_crl) = (0,0); my $fname = $_[0]; open IN, $fname; while() { if(/^-----BEGIN (.*)-----/) { my $hdr = $1; if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { $is_cert = 1; last if($is_crl); } elsif($hdr eq "X509 CRL") { $is_crl = 1; last if($is_cert); } } } close IN; return ($is_cert, $is_crl); } # Link a certificate to its subject name hash value, each hash is of # the form . where n is an integer. If the hash value already exists # then we need to up the value of n, unless its a duplicate in which # case we skip the link. We check for duplicates by comparing the # certificate fingerprints sub link_hash_cert { my $fname = $_[0]; my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate certificate $fname\n"; return; } $suffix++; } $hash .= ".$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { my $fname = $_[0]; my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.r$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.r$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate CRL $fname\n"; return; } $suffix++; } $hash .= ".r$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } @ 1.1.1.2.2.1 log @Pull up revision 1.1.1.3 (requested by itojun in ticket #607): sync to head for openssl 0.9.6e @ text @d1 1 a1 1 #!/usr/local/bin/perl5 @ 1.1.1.2.2.2 log @Manually pull up changes between openssl_0_9_6e and openssl_0_9_6f, which were previously missed. (effectively) requested by itojun in ticket #654 @ text @d1 1 a1 1 #!/usr/local/bin/perl @ 1.1.1.3 log @OpenSSL 0.9.6e. includes major security fixes (already applied) @ text @d1 1 a1 1 #!/usr/local/bin/perl5 @ 1.1.1.4 log @openssl 0.9.6f, with security fixes @ text @d1 1 a1 1 #!/usr/local/bin/perl @ 1.1.1.5 log @OpenSSL 0.9.7b, major API changes included @ text @d20 1 a20 1 if(! -x $openssl) { d23 1 a23 1 if(-x "$_/$openssl") { d103 1 a103 2 $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; d133 1 a133 2 $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; @ 1.1.1.6 log @openssl 0.9.7c. security changes are already in place @ text @d1 1 a1 1 #!/usr/bin/perl @ 1.1.1.7 log @Import OpenSSL 0.9.7d to address: 1. Null-pointer assignment during SSL handshake 2. Out-of-bounds read affects Kerberos ciphersuites @ text @d1 1 a1 1 #!/usr/local/bin/perl @ 1.1.1.8 log @import openssl-0.9.7f from ftp.openssl.org @ text @d1 1 a1 1 #!/usr/bin/perl @ 1.1.1.9 log @from http://www.openssl.org/source @ text @d1 1 a1 1 #!/usr/local/bin/perl @ 1.1.1.10 log @ftp www.openssl.org @ text @d1 1 a1 1 #!/usr/bin/perl @ 1.1.1.11 log @import 0.9.8d @ text @d1 1 a1 1 #!/usr/local/bin/perl @ 1.1.1.11.4.1 log @Sync w/ NetBSD-4-RC_1 @ text @d1 1 a1 1 #!/usr/bin/perl @ 1.1.1.11.2.1 log @Pull up following (requested by mjf in ticket #828): Sync OpenSSL with HEAD @ text @d1 1 a1 1 #!/usr/bin/perl @ 1.1.1.12 log @Import OpenSSL 0.9.8e @ text @d1 1 a1 1 #!/usr/bin/perl @ 1.1.1.12.12.1 log @Sync w/ -current. 34 merge conflicts to follow. @ text @d1 1 a1 1 #!/usr/pkg/bin/perl d18 1 a18 10 my $pwd; eval "require Cwd"; if (defined(&Cwd::getcwd)) { $pwd=Cwd::getcwd(); } else { $pwd=`pwd`; chomp($pwd); } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? $ENV{PATH} .= "$path_delim$dir/bin"; d22 1 a22 1 foreach (split /$path_delim/, $ENV{PATH}) { d37 1 a37 1 @@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; a41 5 if (-d $dirlist[0]) { chdir $dirlist[0]; $openssl="$pwd/$openssl" if (!-x $openssl); chdir $pwd; } d104 1 a104 1 my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; d125 1 a125 5 open IN,"<$fname" or die "can't open $fname for read"; open OUT,">$hash" or die "can't open $hash for write"; print OUT ; # does the job for small text files close OUT; close IN; @ 1.1.1.12.10.1 log @sync with head. @ text @d1 1 a1 1 #!/usr/pkg/bin/perl d18 1 a18 10 my $pwd; eval "require Cwd"; if (defined(&Cwd::getcwd)) { $pwd=Cwd::getcwd(); } else { $pwd=`pwd`; chomp($pwd); } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? $ENV{PATH} .= "$path_delim$dir/bin"; d22 1 a22 1 foreach (split /$path_delim/, $ENV{PATH}) { d37 1 a37 1 @@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; a41 5 if (-d $dirlist[0]) { chdir $dirlist[0]; $openssl="$pwd/$openssl" if (!-x $openssl); chdir $pwd; } d104 1 a104 1 my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; d125 1 a125 5 open IN,"<$fname" or die "can't open $fname for read"; open OUT,">$hash" or die "can't open $hash for write"; print OUT ; # does the job for small text files close OUT; close IN; @ 1.1.1.13 log @import today's snapshot! Hi @ text @d1 1 a1 1 #!/usr/pkg/bin/perl d18 1 a18 10 my $pwd; eval "require Cwd"; if (defined(&Cwd::getcwd)) { $pwd=Cwd::getcwd(); } else { $pwd=`pwd`; chomp($pwd); } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? $ENV{PATH} .= "$path_delim$dir/bin"; d22 1 a22 1 foreach (split /$path_delim/, $ENV{PATH}) { d37 1 a37 1 @@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; a41 5 if (-d $dirlist[0]) { chdir $dirlist[0]; $openssl="$pwd/$openssl" if (!-x $openssl); chdir $pwd; } d104 1 a104 1 my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; d125 1 a125 5 open IN,"<$fname" or die "can't open $fname for read"; open OUT,">$hash" or die "can't open $hash for write"; print OUT ; # does the job for small text files close OUT; close IN; @