head 1.2; access; symbols perseant-exfatfs-base-20250801:1.2 perseant-exfatfs-base-20240630:1.2 perseant-exfatfs:1.2.0.8 perseant-exfatfs-base:1.2 netbsd-8-3-RELEASE:1.1.1.2 cjep_sun2x:1.2.0.6 cjep_sun2x-base:1.2 cjep_staticlib_x-base1:1.2 cjep_staticlib_x:1.2.0.4 cjep_staticlib_x-base:1.2 phil-wifi-20200421:1.2 phil-wifi-20200411:1.2 phil-wifi-20200406:1.2 netbsd-8-2-RELEASE:1.1.1.2 netbsd-8-1-RELEASE:1.1.1.2 netbsd-8-1-RC1:1.1.1.2 pgoyette-compat-merge-20190127:1.2 pgoyette-compat-20190127:1.2 pgoyette-compat-20190118:1.2 pgoyette-compat-1226:1.2 pgoyette-compat-1126:1.2 pgoyette-compat-1020:1.2 pgoyette-compat-0930:1.2 pgoyette-compat-0906:1.2 netbsd-7-2-RELEASE:1.1.1.1 pgoyette-compat-0728:1.2 netbsd-8-0-RELEASE:1.1.1.2 pgoyette-compat-0625:1.2 netbsd-8-0-RC2:1.1.1.2 pgoyette-compat-0521:1.2 pgoyette-compat-0502:1.2 pgoyette-compat-0422:1.2 netbsd-8-0-RC1:1.1.1.2 pgoyette-compat-0415:1.2 pgoyette-compat-0407:1.2 pgoyette-compat-0330:1.2 pgoyette-compat-0322:1.2 pgoyette-compat-0315:1.2 netbsd-7-1-2-RELEASE:1.1.1.1 pgoyette-compat:1.2.0.2 pgoyette-compat-base:1.2 netbsd-7-1-1-RELEASE:1.1.1.1 matt-nb8-mediatek:1.1.1.2.0.10 matt-nb8-mediatek-base:1.1.1.2 perseant-stdc-iso10646:1.1.1.2.0.8 perseant-stdc-iso10646-base:1.1.1.2 netbsd-8:1.1.1.2.0.6 netbsd-8-base:1.1.1.2 prg-localcount2-base3:1.1.1.2 prg-localcount2-base2:1.1.1.2 prg-localcount2-base1:1.1.1.2 prg-localcount2:1.1.1.2.0.4 prg-localcount2-base:1.1.1.2 pgoyette-localcount-20170426:1.1.1.2 bouyer-socketcan-base1:1.1.1.2 pgoyette-localcount-20170320:1.1.1.2 netbsd-7-1:1.1.1.1.0.24 netbsd-7-1-RELEASE:1.1.1.1 netbsd-7-1-RC2:1.1.1.1 openssl-1-0-2k:1.1.1.2 netbsd-7-nhusb-base-20170116:1.1.1.1 bouyer-socketcan:1.1.1.2.0.2 bouyer-socketcan-base:1.1.1.2 pgoyette-localcount-20170107:1.1.1.2 netbsd-7-1-RC1:1.1.1.1 pgoyette-localcount-20161104:1.1.1.2 netbsd-7-0-2-RELEASE:1.1.1.1 openssl-1-0-2j:1.1.1.2 localcount-20160914:1.1.1.1 netbsd-7-nhusb:1.1.1.1.0.22 netbsd-7-nhusb-base:1.1.1.1 pgoyette-localcount-20160806:1.1.1.1 pgoyette-localcount-20160726:1.1.1.1 pgoyette-localcount:1.1.1.1.0.20 pgoyette-localcount-base:1.1.1.1 netbsd-7-0-1-RELEASE:1.1.1.1 openssl-1-0-1t:1.1.1.1 openssl-1-0-1s:1.1.1.1 openssl-1-0-1r:1.1.1.1 openssl-1-0-1q:1.1.1.1 netbsd-7-0:1.1.1.1.0.18 netbsd-7-0-RELEASE:1.1.1.1 netbsd-7-0-RC3:1.1.1.1 netbsd-7-0-RC2:1.1.1.1 openssl-1-0-1p:1.1.1.1 netbsd-7-0-RC1:1.1.1.1 openssl-1-0-1o:1.1.1.1 openssl-1-0-1n:1.1.1.1 openssl-1-0-1m:1.1.1.1 openssl-1-0-1k:1.1.1.1 netbsd-6-0-6-RELEASE:1.1.1.1.2.2 netbsd-6-1-5-RELEASE:1.1.1.1.2.2 netbsd-7:1.1.1.1.0.16 netbsd-7-base:1.1.1.1 openssl-1-0-1i:1.1.1.1 openssl-1-0-1h:1.1.1.1 yamt-pagecache-base9:1.1.1.1 yamt-pagecache-tag8:1.1.1.1.6.2 netbsd-6-1-4-RELEASE:1.1.1.1.2.2 netbsd-6-0-5-RELEASE:1.1.1.1.2.2 openssl-1-0-1g:1.1.1.1 tls-earlyentropy:1.1.1.1.0.14 tls-earlyentropy-base:1.1.1.1 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.1 riastradh-drm2-base3:1.1.1.1 netbsd-6-1-3-RELEASE:1.1.1.1.2.2 netbsd-6-0-4-RELEASE:1.1.1.1.2.2 openssl-1-0-1f:1.1.1.1 netbsd-6-1-2-RELEASE:1.1.1.1.2.2 netbsd-6-0-3-RELEASE:1.1.1.1.2.2 netbsd-6-1-1-RELEASE:1.1.1.1.2.2 riastradh-drm2-base2:1.1.1.1 riastradh-drm2-base1:1.1.1.1 riastradh-drm2:1.1.1.1.0.8 riastradh-drm2-base:1.1.1.1 netbsd-6-1:1.1.1.1.2.2.0.6 netbsd-6-0-2-RELEASE:1.1.1.1.2.2 netbsd-6-1-RELEASE:1.1.1.1.2.2 khorben-n900:1.1.1.1.0.12 netbsd-6-1-RC4:1.1.1.1.2.2 netbsd-6-1-RC3:1.1.1.1.2.2 agc-symver:1.1.1.1.0.10 agc-symver-base:1.1.1.1 netbsd-6-1-RC2:1.1.1.1.2.2 netbsd-6-1-RC1:1.1.1.1.2.2 openssl-1-0-1e:1.1.1.1 openssl-1-0-1d:1.1.1.1 yamt-pagecache-base8:1.1.1.1 netbsd-6-0-1-RELEASE:1.1.1.1.2.2 yamt-pagecache-base7:1.1.1.1 matt-nb6-plus-nbase:1.1.1.1.2.2 yamt-pagecache:1.1.1.1.0.6 yamt-pagecache-base6:1.1.1.1 netbsd-6-0:1.1.1.1.2.2.0.4 netbsd-6-0-RELEASE:1.1.1.1.2.2 netbsd-6-0-RC2:1.1.1.1.2.2 tls-maxphys:1.1.1.1.0.4 tls-maxphys-base:1.1.1.1 matt-nb6-plus:1.1.1.1.2.2.0.2 matt-nb6-plus-base:1.1.1.1.2.2 netbsd-6-0-RC1:1.1.1.1.2.2 netbsd-6:1.1.1.1.0.2 openssl-1-0-1c:1.1.1.1 OPENSSL:1.1.1; locks; strict; comment @# @; 1.2 date 2018.02.08.21.51.38; author christos; state dead; branches; next 1.1; commitid ZC7h5KHFDY0lu6qA; 1.1 date 2012.07.26.15.05.56; author christos; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2012.07.26.15.05.56; author christos; state Exp; branches 1.1.1.1.2.1 1.1.1.1.6.1 1.1.1.1.20.1; next 1.1.1.2; 1.1.1.2 date 2016.10.14.16.07.06; author spz; state Exp; branches; next ; commitid 69GZVCy2f1XW28qz; 1.1.1.1.2.1 date 2012.07.26.15.05.56; author riz; state dead; branches; next 1.1.1.1.2.2; 1.1.1.1.2.2 date 2012.08.14.07.57.00; author riz; state Exp; branches; next ; 1.1.1.1.6.1 date 2012.07.26.15.05.56; author yamt; state dead; branches; next 1.1.1.1.6.2; 1.1.1.1.6.2 date 2012.10.30.18.47.24; author yamt; state Exp; branches; next ; 1.1.1.1.20.1 date 2016.11.04.14.42.35; author pgoyette; state Exp; branches; next ; commitid 2m1JRwYmpwPkOOsz; desc @@ 1.2 log @merged conflicts @ text @#!/usr/bin/perl # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. my $openssl; my $dir = "/usr/local/ssl"; my $prefix = "/usr/local/ssl"; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; } else { $openssl = "openssl"; $ENV{OPENSSL} = $openssl; } my $pwd; eval "require Cwd"; if (defined(&Cwd::getcwd)) { $pwd=Cwd::getcwd(); } else { $pwd=`pwd`; chomp($pwd); } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path if(! -x $openssl) { my $found = 0; foreach (split /$path_delim/, $ENV{PATH}) { if(-x "$_/$openssl") { $found = 1; $openssl = "$_/$openssl"; last; } } if($found == 0) { print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; exit 0; } } if(@@ARGV) { @@dirlist = @@ARGV; } elsif($ENV{SSL_CERT_DIR}) { @@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; } else { $dirlist[0] = "$dir/certs"; } if (-d $dirlist[0]) { chdir $dirlist[0]; $openssl="$pwd/$openssl" if (!-x $openssl); chdir $pwd; } foreach (@@dirlist) { if(-d $_ and -w $_) { hash_dir($_); } } sub hash_dir { my %hashlist; print "Doing $_[0]\n"; chdir $_[0]; opendir(DIR, "."); my @@flist = readdir(DIR); # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; } } closedir DIR; FILE: foreach $fname (grep {/\.pem$/} @@flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; next; } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); } } sub check_file { my ($is_cert, $is_crl) = (0,0); my $fname = $_[0]; open IN, $fname; while() { if(/^-----BEGIN (.*)-----/) { my $hdr = $1; if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { $is_cert = 1; last if($is_crl); } elsif($hdr eq "X509 CRL") { $is_crl = 1; last if($is_cert); } } } close IN; return ($is_cert, $is_crl); } # Link a certificate to its subject name hash value, each hash is of # the form . where n is an integer. If the hash value already exists # then we need to up the value of n, unless its a duplicate in which # case we skip the link. We check for duplicates by comparing the # certificate fingerprints sub link_hash_cert { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate certificate $fname\n"; return; } $suffix++; } $hash .= ".$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { open IN,"<$fname" or die "can't open $fname for read"; open OUT,">$hash" or die "can't open $hash for write"; print OUT ; # does the job for small text files close OUT; close IN; } $hashlist{$hash} = $fprint; } # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.r$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.r$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate CRL $fname\n"; return; } $suffix++; } $hash .= ".r$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } @ 1.1 log @Initial revision @ text @@ 1.1.1.1 log @from ftp.openssl.org @ text @@ 1.1.1.1.20.1 log @Sync with HEAD @ text @d3 1 d7 2 d12 5 a16 34 my $openssl = $ENV{OPENSSL} || "openssl"; my $pwd; my $x509hash = "-subject_hash"; my $crlhash = "-hash"; my $verbose = 0; my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; ## Parse flags. while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @@ARGV; last if ( $flag eq '--'); if ( $flag eq '-old') { $x509hash = "-subject_hash_old"; $crlhash = "-hash_old"; } elsif ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; } elsif ( $flag eq '-v' ) { $verbose++; } else { print STDERR "Usage error; try -help.\n"; exit 1; } } sub help { print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n"; print " -old use old-style digest\n"; print " -h print this help text\n"; print " -v print files removed and linked\n"; exit 0; d19 1 d24 1 a24 2 $pwd=`pwd`; chomp($pwd); d26 1 d28 1 a28 3 # DOS/Win32 or Unix delimiter? Prefix our installdir, then search. my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); d71 4 a74 8 closedir DIR; if ( $removelinks ) { # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; print "unlink $_" if $verbose; } d77 2 a78 1 FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @@flist) { d120 1 a120 1 my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; d136 2 a139 1 print "link $fname -> $hash\n" if $verbose; a145 1 print "copy $fname -> $hash\n" if $verbose; d155 1 a155 1 my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; d171 2 a174 1 print "link $fname -> $hash\n" if $verbose; a176 1 print "cp $fname -> $hash\n" if $verbose; @ 1.1.1.2 log @Import of OpenSSL 1.0.2j. The 1.0.2 branch of OpenSSL is the current long term support branch. Differences between 1.0.1 and 1.0.2: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 o TLS automatic EC curve selection. o API to set TLS supported signature algorithms and curves o SSL_CONF configuration API. o TLS Brainpool support. o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. Security fixes from the previous version (1.0.1t) in NetBSD: o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) o SWEET32 Mitigation (CVE-2016-2183) o OOB write in MDC2_Update() (CVE-2016-6303) o Malformed SHA512 ticket DoS (CVE-2016-6302) o OOB write in BN_bn2dec() (CVE-2016-2182) o OOB read in TS_OBJ_print_bio() (CVE-2016-2180) o Pointer arithmetic undefined behaviour (CVE-2016-2177) o Constant time flag not preserved in DSA signing (CVE-2016-2178) o DTLS buffered message DoS (CVE-2016-2179) o DTLS replay protection DoS (CVE-2016-2181) o Certificate message OOB reads (CVE-2016-6306) @ text @d3 1 d7 2 d12 5 a16 34 my $openssl = $ENV{OPENSSL} || "openssl"; my $pwd; my $x509hash = "-subject_hash"; my $crlhash = "-hash"; my $verbose = 0; my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; ## Parse flags. while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @@ARGV; last if ( $flag eq '--'); if ( $flag eq '-old') { $x509hash = "-subject_hash_old"; $crlhash = "-hash_old"; } elsif ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; } elsif ( $flag eq '-v' ) { $verbose++; } else { print STDERR "Usage error; try -help.\n"; exit 1; } } sub help { print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n"; print " -old use old-style digest\n"; print " -h print this help text\n"; print " -v print files removed and linked\n"; exit 0; d19 1 d24 1 a24 2 $pwd=`pwd`; chomp($pwd); d26 1 d28 1 a28 3 # DOS/Win32 or Unix delimiter? Prefix our installdir, then search. my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); d71 4 a74 8 closedir DIR; if ( $removelinks ) { # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; print "unlink $_" if $verbose; } d77 2 a78 1 FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @@flist) { d120 1 a120 1 my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; d136 2 a139 1 print "link $fname -> $hash\n" if $verbose; a145 1 print "copy $fname -> $hash\n" if $verbose; d155 1 a155 1 my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; d171 2 a174 1 print "link $fname -> $hash\n" if $verbose; a176 1 print "cp $fname -> $hash\n" if $verbose; @ 1.1.1.1.6.1 log @file c_rehash was added on branch yamt-pagecache on 2012-10-30 18:47:24 +0000 @ text @d1 180 @ 1.1.1.1.6.2 log @sync with head @ text @a0 180 #!/usr/bin/perl # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. my $openssl; my $dir = "/usr/local/ssl"; my $prefix = "/usr/local/ssl"; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; } else { $openssl = "openssl"; $ENV{OPENSSL} = $openssl; } my $pwd; eval "require Cwd"; if (defined(&Cwd::getcwd)) { $pwd=Cwd::getcwd(); } else { $pwd=`pwd`; chomp($pwd); } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path if(! -x $openssl) { my $found = 0; foreach (split /$path_delim/, $ENV{PATH}) { if(-x "$_/$openssl") { $found = 1; $openssl = "$_/$openssl"; last; } } if($found == 0) { print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; exit 0; } } if(@@ARGV) { @@dirlist = @@ARGV; } elsif($ENV{SSL_CERT_DIR}) { @@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; } else { $dirlist[0] = "$dir/certs"; } if (-d $dirlist[0]) { chdir $dirlist[0]; $openssl="$pwd/$openssl" if (!-x $openssl); chdir $pwd; } foreach (@@dirlist) { if(-d $_ and -w $_) { hash_dir($_); } } sub hash_dir { my %hashlist; print "Doing $_[0]\n"; chdir $_[0]; opendir(DIR, "."); my @@flist = readdir(DIR); # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; } } closedir DIR; FILE: foreach $fname (grep {/\.pem$/} @@flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; next; } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); } } sub check_file { my ($is_cert, $is_crl) = (0,0); my $fname = $_[0]; open IN, $fname; while() { if(/^-----BEGIN (.*)-----/) { my $hdr = $1; if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { $is_cert = 1; last if($is_crl); } elsif($hdr eq "X509 CRL") { $is_crl = 1; last if($is_cert); } } } close IN; return ($is_cert, $is_crl); } # Link a certificate to its subject name hash value, each hash is of # the form . where n is an integer. If the hash value already exists # then we need to up the value of n, unless its a duplicate in which # case we skip the link. We check for duplicates by comparing the # certificate fingerprints sub link_hash_cert { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate certificate $fname\n"; return; } $suffix++; } $hash .= ".$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { open IN,"<$fname" or die "can't open $fname for read"; open OUT,">$hash" or die "can't open $hash for write"; print OUT ; # does the job for small text files close OUT; close IN; } $hashlist{$hash} = $fprint; } # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.r$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.r$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate CRL $fname\n"; return; } $suffix++; } $hash .= ".r$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } @ 1.1.1.1.2.1 log @file c_rehash was added on branch netbsd-6 on 2012-08-14 07:57:00 +0000 @ text @d1 180 @ 1.1.1.1.2.2 log @Pull up following revision(s) (requested by christos in ticket #491): Update OpenSSL to version 1.0.1c. @ text @a0 180 #!/usr/bin/perl # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. my $openssl; my $dir = "/usr/local/ssl"; my $prefix = "/usr/local/ssl"; if(defined $ENV{OPENSSL}) { $openssl = $ENV{OPENSSL}; } else { $openssl = "openssl"; $ENV{OPENSSL} = $openssl; } my $pwd; eval "require Cwd"; if (defined(&Cwd::getcwd)) { $pwd=Cwd::getcwd(); } else { $pwd=`pwd`; chomp($pwd); } my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter? $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path if(! -x $openssl) { my $found = 0; foreach (split /$path_delim/, $ENV{PATH}) { if(-x "$_/$openssl") { $found = 1; $openssl = "$_/$openssl"; last; } } if($found == 0) { print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; exit 0; } } if(@@ARGV) { @@dirlist = @@ARGV; } elsif($ENV{SSL_CERT_DIR}) { @@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR}; } else { $dirlist[0] = "$dir/certs"; } if (-d $dirlist[0]) { chdir $dirlist[0]; $openssl="$pwd/$openssl" if (!-x $openssl); chdir $pwd; } foreach (@@dirlist) { if(-d $_ and -w $_) { hash_dir($_); } } sub hash_dir { my %hashlist; print "Doing $_[0]\n"; chdir $_[0]; opendir(DIR, "."); my @@flist = readdir(DIR); # Delete any existing symbolic links foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) { if(-l $_) { unlink $_; } } closedir DIR; FILE: foreach $fname (grep {/\.pem$/} @@flist) { # Check to see if certificates and/or CRLs present. my ($cert, $crl) = check_file($fname); if(!$cert && !$crl) { print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; next; } link_hash_cert($fname) if($cert); link_hash_crl($fname) if($crl); } } sub check_file { my ($is_cert, $is_crl) = (0,0); my $fname = $_[0]; open IN, $fname; while() { if(/^-----BEGIN (.*)-----/) { my $hdr = $1; if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { $is_cert = 1; last if($is_crl); } elsif($hdr eq "X509 CRL") { $is_crl = 1; last if($is_cert); } } } close IN; return ($is_cert, $is_crl); } # Link a certificate to its subject name hash value, each hash is of # the form . where n is an integer. If the hash value already exists # then we need to up the value of n, unless its a duplicate in which # case we skip the link. We check for duplicates by comparing the # certificate fingerprints sub link_hash_cert { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate certificate $fname\n"; return; } $suffix++; } $hash .= ".$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { open IN,"<$fname" or die "can't open $fname for read"; open OUT,">$hash" or die "can't open $hash for write"; print OUT ; # does the job for small text files close OUT; close IN; } $hashlist{$hash} = $fprint; } # Same as above except for a CRL. CRL links are of the form .r sub link_hash_crl { my $fname = $_[0]; $fname =~ s/'/'\\''/g; my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; chomp $hash; chomp $fprint; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; # Search for an unused hash filename while(exists $hashlist{"$hash.r$suffix"}) { # Hash matches: if fingerprint matches its a duplicate cert if($hashlist{"$hash.r$suffix"} eq $fprint) { print STDERR "WARNING: Skipping duplicate CRL $fname\n"; return; } $suffix++; } $hash .= ".r$suffix"; print "$fname => $hash\n"; $symlink_exists=eval {symlink("",""); 1}; if ($symlink_exists) { symlink $fname, $hash; } else { system ("cp", $fname, $hash); } $hashlist{$hash} = $fprint; } @