head	1.3;
access;
symbols
	RELENG_8_4:1.3.0.2
	RELENG_9_1_0_RELEASE:1.2
	RELENG_9_1:1.2.0.6
	RELENG_9_1_BP:1.2
	RELENG_8_3_0_RELEASE:1.1.1.11.10.1
	RELENG_8_3:1.1.1.11.10.1.0.4
	RELENG_8_3_BP:1.1.1.11.10.1
	RELENG_9_0_0_RELEASE:1.2
	RELENG_9_0:1.2.0.4
	RELENG_9_0_BP:1.2
	RELENG_9:1.2.0.2
	RELENG_9_BP:1.2
	RELENG_7_4_0_RELEASE:1.1.1.11.2.1
	RELENG_8_2_0_RELEASE:1.1.1.11.10.1
	RELENG_7_4:1.1.1.11.2.1.0.2
	RELENG_7_4_BP:1.1.1.11.2.1
	RELENG_8_2:1.1.1.11.10.1.0.2
	RELENG_8_2_BP:1.1.1.11.10.1
	RELENG_8_1_0_RELEASE:1.1.1.11
	RELENG_8_1:1.1.1.11.0.16
	RELENG_8_1_BP:1.1.1.11
	RELENG_7_3_0_RELEASE:1.1.1.11
	RELENG_7_3:1.1.1.11.0.14
	RELENG_7_3_BP:1.1.1.11
	RELENG_8_0_0_RELEASE:1.1.1.11
	RELENG_8_0:1.1.1.11.0.12
	RELENG_8_0_BP:1.1.1.11
	RELENG_8:1.1.1.11.0.10
	RELENG_8_BP:1.1.1.11
	RELENG_7_2_0_RELEASE:1.1.1.11
	RELENG_7_2:1.1.1.11.0.8
	RELENG_7_2_BP:1.1.1.11
	RELENG_7_1_0_RELEASE:1.1.1.11
	RELENG_6_4_0_RELEASE:1.1.1.9
	RELENG_7_1:1.1.1.11.0.6
	RELENG_7_1_BP:1.1.1.11
	RELENG_6_4:1.1.1.9.0.12
	RELENG_6_4_BP:1.1.1.9
	RELENG_7_0_0_RELEASE:1.1.1.11
	RELENG_6_3_0_RELEASE:1.1.1.9
	RELENG_7_0:1.1.1.11.0.4
	RELENG_7_0_BP:1.1.1.11
	RELENG_6_3:1.1.1.9.0.10
	RELENG_6_3_BP:1.1.1.9
	RELENG_7:1.1.1.11.0.2
	RELENG_7_BP:1.1.1.11
	v0_9_8e:1.1.1.11
	RELENG_6_2_0_RELEASE:1.1.1.9
	RELENG_6_2:1.1.1.9.0.8
	RELENG_6_2_BP:1.1.1.9
	v0_9_8d:1.1.1.10
	v0_9_8b:1.1.1.9
	RELENG_5_5_0_RELEASE:1.1.1.8.2.1
	RELENG_5_5:1.1.1.8.2.1.0.4
	RELENG_5_5_BP:1.1.1.8.2.1
	RELENG_6_1_0_RELEASE:1.1.1.9
	RELENG_6_1:1.1.1.9.0.6
	RELENG_6_1_BP:1.1.1.9
	RELENG_6_0_0_RELEASE:1.1.1.9
	RELENG_6_0:1.1.1.9.0.4
	RELENG_6_0_BP:1.1.1.9
	RELENG_6:1.1.1.9.0.2
	RELENG_6_BP:1.1.1.9
	RELENG_5_4_0_RELEASE:1.1.1.8.2.1
	RELENG_5_4:1.1.1.8.2.1.0.2
	RELENG_5_4_BP:1.1.1.8.2.1
	v0_9_7e:1.1.1.9
	RELENG_4_11_0_RELEASE:1.1.1.1.2.7
	RELENG_4_11:1.1.1.1.2.7.0.4
	RELENG_4_11_BP:1.1.1.1.2.7
	RELENG_5_3_0_RELEASE:1.1.1.8
	RELENG_5_3:1.1.1.8.0.4
	RELENG_5_3_BP:1.1.1.8
	RELENG_5:1.1.1.8.0.2
	RELENG_5_BP:1.1.1.8
	RELENG_4_10_0_RELEASE:1.1.1.1.2.7
	RELENG_4_10:1.1.1.1.2.7.0.2
	RELENG_4_10_BP:1.1.1.1.2.7
	v0_9_7d:1.1.1.8
	RELENG_5_2_1_RELEASE:1.1.1.7
	RELENG_5_2_0_RELEASE:1.1.1.7
	RELENG_5_2:1.1.1.7.0.2
	RELENG_5_2_BP:1.1.1.7
	RELENG_4_9_0_RELEASE:1.1.1.1.2.6
	RELENG_4_9:1.1.1.1.2.6.0.2
	RELENG_4_9_BP:1.1.1.1.2.6
	v0_9_7c:1.1.1.7
	RELENG_5_1_0_RELEASE:1.1.1.6
	RELENG_5_1:1.1.1.6.0.2
	RELENG_5_1_BP:1.1.1.6
	RELENG_4_8_0_RELEASE:1.1.1.1.2.5
	RELENG_4_8:1.1.1.1.2.5.0.2
	RELENG_4_8_BP:1.1.1.1.2.5
	v0_9_7a:1.1.1.6
	v0_9_7:1.1.1.6
	RELENG_5_0_0_RELEASE:1.1.1.5
	RELENG_5_0:1.1.1.5.0.2
	RELENG_5_0_BP:1.1.1.5
	RELENG_4_7_0_RELEASE:1.1.1.1.2.4
	RELENG_4_7:1.1.1.1.2.4.0.2
	RELENG_4_7_BP:1.1.1.1.2.4
	RELENG_4_6_2_RELEASE:1.1.1.1.2.2.6.1
	v0_9_6g:1.1.1.5
	v0_9_6f:1.1.1.5
	v0_9_6e:1.1.1.4
	v0_9_6d:1.1.1.3
	RELENG_4_6_1_RELEASE:1.1.1.1.2.2
	RELENG_4_6_0_RELEASE:1.1.1.1.2.2
	RELENG_4_6:1.1.1.1.2.2.0.6
	RELENG_4_6_BP:1.1.1.1.2.2
	RELENG_4_5_0_RELEASE:1.1.1.1.2.2
	v0_9_6c:1.1.1.3
	RELENG_4_5:1.1.1.1.2.2.0.4
	RELENG_4_5_BP:1.1.1.1.2.2
	RELENG_4_4_0_RELEASE:1.1.1.1.2.2
	RELENG_4_4:1.1.1.1.2.2.0.2
	RELENG_4_4_BP:1.1.1.1.2.2
	v0_9_6b:1.1.1.3
	v0_9_6a:1.1.1.3
	RELENG_4_3_0_RELEASE:1.1.1.1.2.1
	RELENG_4_3:1.1.1.1.2.1.0.2
	RELENG_4_3_BP:1.1.1.1.2.1
	RELENG_4_2_0_RELEASE:1.1.1.1
	v0_9_6:1.1.1.2
	RELENG_4_1_1_RELEASE:1.1.1.1
	PRE_SMPNG:1.1.1.1
	RELENG_4_1_0_RELEASE:1.1.1.1
	v0_9_5a:1.1.1.1
	RELENG_4_0_0_RELEASE:1.1.1.1
	RELENG_4:1.1.1.1.0.2
	RELENG_4_BP:1.1.1.1
	v0_9_4:1.1.1.1
	OPENSSL:1.1.1;
locks; strict;
comment	@# @;


1.3
date	2012.07.12.19.30.53;	author jkim;	state dead;
branches
	1.3.2.1;
next	1.2;

1.2
date	2010.11.22.18.23.44;	author simon;	state Exp;
branches;
next	1.1;

1.1
date	2000.01.10.06.22.04;	author kris;	state Exp;
branches
	1.1.1.1;
next	;

1.3.2.1
date	2012.07.12.19.30.53;	author svnexp;	state dead;
branches;
next	1.3.2.2;

1.3.2.2
date	2013.03.28.13.02.41;	author svnexp;	state Exp;
branches;
next	;

1.1.1.1
date	2000.01.10.06.22.04;	author kris;	state Exp;
branches
	1.1.1.1.2.1;
next	1.1.1.2;

1.1.1.2
date	2000.11.13.01.03.39;	author kris;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	2001.05.20.03.07.18;	author kris;	state Exp;
branches;
next	1.1.1.4;

1.1.1.4
date	2002.07.30.13.38.05;	author nectar;	state Exp;
branches;
next	1.1.1.5;

1.1.1.5
date	2002.08.10.01.46.08;	author nectar;	state Exp;
branches
	1.1.1.5.2.1;
next	1.1.1.6;

1.1.1.6
date	2003.01.28.21.42.36;	author markm;	state Exp;
branches;
next	1.1.1.7;

1.1.1.7
date	2003.10.01.12.32.41;	author nectar;	state Exp;
branches;
next	1.1.1.8;

1.1.1.8
date	2004.03.17.15.49.20;	author nectar;	state Exp;
branches
	1.1.1.8.2.1;
next	1.1.1.9;

1.1.1.9
date	2005.02.25.05.38.52;	author nectar;	state Exp;
branches;
next	1.1.1.10;

1.1.1.10
date	2006.10.01.07.38.35;	author simon;	state Exp;
branches;
next	1.1.1.11;

1.1.1.11
date	2007.03.15.20.03.28;	author simon;	state Exp;
branches
	1.1.1.11.2.1
	1.1.1.11.10.1;
next	;

1.1.1.1.2.1
date	2000.11.26.11.34.18;	author kris;	state Exp;
branches;
next	1.1.1.1.2.2;

1.1.1.1.2.2
date	2001.07.04.23.19.48;	author kris;	state Exp;
branches
	1.1.1.1.2.2.2.1
	1.1.1.1.2.2.4.1
	1.1.1.1.2.2.6.1;
next	1.1.1.1.2.3;

1.1.1.1.2.3
date	2002.07.30.22.06.08;	author nectar;	state Exp;
branches;
next	1.1.1.1.2.4;

1.1.1.1.2.4
date	2002.08.11.14.14.00;	author nectar;	state Exp;
branches
	1.1.1.1.2.4.2.1;
next	1.1.1.1.2.5;

1.1.1.1.2.5
date	2003.02.14.22.38.12;	author nectar;	state Exp;
branches;
next	1.1.1.1.2.6;

1.1.1.1.2.6
date	2003.10.03.01.32.14;	author nectar;	state Exp;
branches;
next	1.1.1.1.2.7;

1.1.1.1.2.7
date	2004.04.02.01.11.19;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.2.2.1
date	2002.07.31.16.41.25;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.2.4.1
date	2002.07.31.14.05.31;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.2.6.1
date	2002.07.31.02.55.09;	author nectar;	state Exp;
branches;
next	1.1.1.1.2.2.6.2;

1.1.1.1.2.2.6.2
date	2003.02.21.16.33.01;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.4.2.1
date	2003.02.20.20.42.20;	author nectar;	state Exp;
branches;
next	;

1.1.1.5.2.1
date	2003.02.20.17.14.22;	author nectar;	state Exp;
branches;
next	;

1.1.1.8.2.1
date	2005.03.01.16.47.37;	author nectar;	state Exp;
branches;
next	;

1.1.1.11.2.1
date	2010.11.28.13.45.51;	author simon;	state Exp;
branches;
next	;

1.1.1.11.10.1
date	2010.11.26.22.50.58;	author simon;	state Exp;
branches;
next	;


desc
@@


1.3
log
@SVN rev 238405 on 2012-07-12 19:30:53Z by jkim

Merge OpenSSL 1.0.1c.

Approved by:	benl (maintainer)
@
text
@#!/usr/bin/perl


# Perl c_rehash script, scan all files in a directory
# and add symbolic links to their hash values.

my $openssl;

my $dir = "/usr/local/ssl";
my $prefix = "/usr/local/ssl";

if(defined $ENV{OPENSSL}) {
	$openssl = $ENV{OPENSSL};
} else {
	$openssl = "openssl";
	$ENV{OPENSSL} = $openssl;
}

$ENV{PATH} .= ":$dir/bin";

if(! -x $openssl) {
	my $found = 0;
	foreach (split /:/, $ENV{PATH}) {
		if(-x "$_/$openssl") {
			$found = 1;
			last;
		}	
	}
	if($found == 0) {
		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
		exit 0;
	}
}

if(@@ARGV) {
	@@dirlist = @@ARGV;
} elsif($ENV{SSL_CERT_DIR}) {
	@@dirlist = split /:/, $ENV{SSL_CERT_DIR};
} else {
	$dirlist[0] = "$dir/certs";
}


foreach (@@dirlist) {
	if(-d $_ and -w $_) {
		hash_dir($_);
	}
}

sub hash_dir {
	my %hashlist;
	print "Doing $_[0]\n";
	chdir $_[0];
	opendir(DIR, ".");
	my @@flist = readdir(DIR);
	# Delete any existing symbolic links
	foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) {
		if(-l $_) {
			unlink $_;
		}
	}
	closedir DIR;
	FILE: foreach $fname (grep {/\.pem$/} @@flist) {
		# Check to see if certificates and/or CRLs present.
		my ($cert, $crl) = check_file($fname);
		if(!$cert && !$crl) {
			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
			next;
		}
		link_hash_cert($fname) if($cert);
		link_hash_crl($fname) if($crl);
	}
}

sub check_file {
	my ($is_cert, $is_crl) = (0,0);
	my $fname = $_[0];
	open IN, $fname;
	while(<IN>) {
		if(/^-----BEGIN (.*)-----/) {
			my $hdr = $1;
			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
				$is_cert = 1;
				last if($is_crl);
			} elsif($hdr eq "X509 CRL") {
				$is_crl = 1;
				last if($is_cert);
			}
		}
	}
	close IN;
	return ($is_cert, $is_crl);
}


# Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists
# then we need to up the value of n, unless its a duplicate in which
# case we skip the link. We check for duplicates by comparing the
# certificate fingerprints

sub link_hash_cert {
		my $fname = $_[0];
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".$suffix";
		print "$fname => $hash\n";
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
		$hashlist{$hash} = $fprint;
}

# Same as above except for a CRL. CRL links are of the form <hash>.r<n>

sub link_hash_crl {
		my $fname = $_[0];
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.r$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.r$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".r$suffix";
		print "$fname => $hash\n";
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
		$hashlist{$hash} = $fprint;
}

@
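Review bot: In check_file the call `open IN, $fname;` uses the two-argument form and its result is never tested, so a directory entry whose name begins with a mode character is opened according to that character instead of being read as a plain file. The names come straight from readdir in hash_dir, filtered only by `/\.pem$/`, so they should be treated as untrusted whenever the directory is writable by anyone other than the user running c_rehash. I would change the line to `open(IN, '<', $fname) or return (0, 0);`, which also lets an unreadable file fall through to the existing "does not contain a certificate or CRL" warning. The same line appears in the texts of 1.3.2.2, 1.1.1.1.2.1 and 1.1.1.2 on this page.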


1.3.2.1
log
@file c_rehash was added on branch RELENG_8_4 on 2013-03-28 13:02:41 +0000
@
text
@d1 161
@


1.3.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 161
#!/usr/bin/perl


# Perl c_rehash script, scan all files in a directory
# and add symbolic links to their hash values.

my $openssl;

my $dir = "/usr/local/ssl";
my $prefix = "/usr/local/ssl";

if(defined $ENV{OPENSSL}) {
	$openssl = $ENV{OPENSSL};
} else {
	$openssl = "openssl";
	$ENV{OPENSSL} = $openssl;
}

$ENV{PATH} .= ":$dir/bin";

if(! -x $openssl) {
	my $found = 0;
	foreach (split /:/, $ENV{PATH}) {
		if(-x "$_/$openssl") {
			$found = 1;
			last;
		}	
	}
	if($found == 0) {
		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
		exit 0;
	}
}

if(@@ARGV) {
	@@dirlist = @@ARGV;
} elsif($ENV{SSL_CERT_DIR}) {
	@@dirlist = split /:/, $ENV{SSL_CERT_DIR};
} else {
	$dirlist[0] = "$dir/certs";
}


foreach (@@dirlist) {
	if(-d $_ and -w $_) {
		hash_dir($_);
	}
}

sub hash_dir {
	my %hashlist;
	print "Doing $_[0]\n";
	chdir $_[0];
	opendir(DIR, ".");
	my @@flist = readdir(DIR);
	# Delete any existing symbolic links
	foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) {
		if(-l $_) {
			unlink $_;
		}
	}
	closedir DIR;
	FILE: foreach $fname (grep {/\.pem$/} @@flist) {
		# Check to see if certificates and/or CRLs present.
		my ($cert, $crl) = check_file($fname);
		if(!$cert && !$crl) {
			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
			next;
		}
		link_hash_cert($fname) if($cert);
		link_hash_crl($fname) if($crl);
	}
}

sub check_file {
	my ($is_cert, $is_crl) = (0,0);
	my $fname = $_[0];
	open IN, $fname;
	while(<IN>) {
		if(/^-----BEGIN (.*)-----/) {
			my $hdr = $1;
			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
				$is_cert = 1;
				last if($is_crl);
			} elsif($hdr eq "X509 CRL") {
				$is_crl = 1;
				last if($is_cert);
			}
		}
	}
	close IN;
	return ($is_cert, $is_crl);
}


# Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists
# then we need to up the value of n, unless its a duplicate in which
# case we skip the link. We check for duplicates by comparing the
# certificate fingerprints

sub link_hash_cert {
		my $fname = $_[0];
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".$suffix";
		print "$fname => $hash\n";
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
		$hashlist{$hash} = $fprint;
}

# Same as above except for a CRL. CRL links are of the form <hash>.r<n>

sub link_hash_crl {
		my $fname = $_[0];
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.r$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.r$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".r$suffix";
		print "$fname => $hash\n";
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
		$hashlist{$hash} = $fprint;
}

@
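Review bot: hash_dir declares `my %hashlist;`, but link_hash_cert and link_hash_crl read and write `%hashlist` with no declaration of their own, and since the script has no `use strict` that name resolves to the package variable, not the lexical. The lexical is therefore never used and the table the link routines consult is not reset between directories. When several directories are given, a certificate or CRL already seen in an earlier one is reported as a duplicate and gets no link in the later one, and suffix numbering carries over; for a CRL this means the later directory can silently lack the revocation entry. Replacing the declaration with `%hashlist = ();` at the top of hash_dir resets the shared table per directory. The same applies to the identical text of revision 1.3 and to the 0.9.6 texts (1.1.1.1.2.1, 1.1.1.2) on this page.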


1.2
log
@SVN rev 215697 on 2010-11-22 18:23:44Z by simon

Merge OpenSSL 0.9.8p into head.

Security:	CVE-2010-3864
Security:	http://www.openssl.org/news/secadv_20101116.txt
@
text
@@


1.1
log
@Initial revision
@
text
@d1 161
a161 61
#!/bin/sh
#
# redo the hashes for the certificates in your cert path or the ones passed
# on the command line.
#

if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then
	OPENSSL='openssl'
	export OPENSSL
fi
DIR=/usr/local/ssl
PATH=$DIR/bin:$PATH

if [ ! -f "$OPENSSL" ]; then
    found=0
    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
        if [ -f "$dir/$OPENSSL" ]; then
            found=1
            break
        fi
    done
    if [ $found = 0 ]; then
        echo "c_rehash: rehashing skipped ('openssl' program not available)" 1>&2
        exit 0
    fi
fi

SSL_DIR=$DIR/certs

if [ "$*" = "" ]; then
	CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
else
	CERTS=$*
fi

IFS=': '
for i in $CERTS
do
  (
  IFS=' '
  if [ -d $i -a -w $i ]; then
    cd $i
    echo "Doing $i"
    for i in *.pem
    do
      if [ $i != '*.pem' ]; then
        h=`$OPENSSL x509 -hash -noout -in $i`
	if [ "x$h" = "x" ]; then
	  echo $i does not contain a certificate
	else
          if [ -f $h.0 ]; then
            /bin/rm -f $h.0
          fi
          echo "$i => $h.0"
          ln -s $i $h.0
	fi
      fi
    done
  fi
  )
done
@
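Review bot: Every use of `$i` in the loop is unquoted (`[ -d $i -a -w $i ]`, `cd $i`, the `-in $i` argument and `ln -s $i $h.0`), so directory and file names containing spaces or glob characters are split or expanded by the shell before the command sees them. The `cd $i` result is not checked either, so a failed cd leaves the `rm`/`ln` steps running in the directory the subshell started in. Quoting each expansion, e.g. `cd "$i" || exit` and `ln -s "$i" "$h.0"`, keeps a name a single argument and stops on a failed cd. Separately, the link name is always `$h.0`, so two certificates with the same subject hash replace each other; the Perl rewrite elsewhere on this page handles that with the numeric suffix.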


1.1.1.1
log
@Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
infringement reasons.
@
text
@@


1.1.1.1.2.1
log
@MFC: OpenSSL 0.9.6
@
text
@d1 61
a61 148
#!/usr/local/bin/perl


# Perl c_rehash script, scan all files in a directory
# and add symbolic links to their hash values.

my $openssl;

my $dir = "/usr/local/ssl";

if(defined $ENV{OPENSSL}) {
	$openssl = $ENV{OPENSSL};
} else {
	$openssl = "openssl";
	$ENV{OPENSSL} = $openssl;
}

$ENV{PATH} .= ":$dir/bin";

if(! -f $openssl) {
	my $found = 0;
	foreach (split /:/, $ENV{PATH}) {
		if(-f "$_/$openssl") {
			$found = 1;
			last;
		}	
	}
	if($found == 0) {
		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
		exit 0;
	}
}

if(@@ARGV) {
	@@dirlist = @@ARGV;
} elsif($ENV{SSL_CERT_DIR}) {
	@@dirlist = split /:/, $ENV{SSL_CERT_DIR};
} else {
	$dirlist[0] = "$dir/certs";
}


foreach (@@dirlist) {
	if(-d $_ and -w $_) {
		hash_dir($_);
	}
}

sub hash_dir {
	my %hashlist;
	print "Doing $_[0]\n";
	chdir $_[0];
	opendir(DIR, ".");
	my @@flist = readdir(DIR);
	# Delete any existing symbolic links
	foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) {
		if(-l $_) {
			unlink $_;
		}
	}
	closedir DIR;
	FILE: foreach $fname (grep {/\.pem$/} @@flist) {
		# Check to see if certificates and/or CRLs present.
		my ($cert, $crl) = check_file($fname);
		if(!$cert && !$crl) {
			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
			next;
		}
		link_hash_cert($fname) if($cert);
		link_hash_crl($fname) if($crl);
	}
}

sub check_file {
	my ($is_cert, $is_crl) = (0,0);
	my $fname = $_[0];
	open IN, $fname;
	while(<IN>) {
		if(/^-----BEGIN (.*)-----/) {
			my $hdr = $1;
			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
				$is_cert = 1;
				last if($is_crl);
			} elsif($hdr eq "X509 CRL") {
				$is_crl = 1;
				last if($is_cert);
			}
		}
	}
	close IN;
	return ($is_cert, $is_crl);
}


# Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists
# then we need to up the value of n, unless its a duplicate in which
# case we skip the link. We check for duplicates by comparing the
# certificate fingerprints

sub link_hash_cert {
		my $fname = $_[0];
		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".$suffix";
		print "$fname => $hash\n";
		symlink $fname, $hash;
		$hashlist{$hash} = $fprint;
}

# Same as above except for a CRL. CRL links are of the form <hash>.r<n>

sub link_hash_crl {
		my $fname = $_[0];
		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.r$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.r$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".r$suffix";
		print "$fname => $hash\n";
		symlink $fname, $hash;
		$hashlist{$hash} = $fprint;
}

@
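Review bot: Both backtick commands (in link_hash_cert and link_hash_crl) interpolate `$openssl` and `$fname` into a shell command line with no quoting, so a file name or an `OPENSSL` environment value containing whitespace or shell metacharacters is parsed by the shell instead of being passed as one argument. `$fname` comes from readdir and `$openssl` from `$ENV{OPENSSL}`, and neither is validated before use. The 0.9.6i deltas on this page add single-quote escaping for the file name; running the program without a shell removes the need for escaping altogether and covers the program path as well, e.g. `open(my $fh, '-|', $openssl, 'x509', '-hash', '-fingerprint', '-noout', '-in', $fname) or return;` followed by `my ($hash, $fprint) = <$fh>;` (list-form pipe open needs a Perl that supports it). The same two command lines are in the 1.1.1.2 text further down.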


1.1.1.1.2.2
log
@MFC: Update to OpenSSL 0.9.6a
@
text
@d120 1
a120 6
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
d145 1
a145 6
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
@
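Review bot: Neither `symlink $fname, $hash;` nor the `system ("cp", $fname, $hash);` fallback has its result checked, in both hunks of this delta (link_hash_cert and link_hash_crl, whose bodies lie outside the delta). In the full 0.9.6 text the routine prints `$fname => $hash` just before this point and records the name in `%hashlist` just after it, so a failed link or copy leaves a missing lookup entry with no diagnostic. I would write `symlink($fname, $hash) or print STDERR "WARNING: cannot link $fname to $hash: $!\n";` and test `system("cp", $fname, $hash) == 0` the same way. The `symlink("","")` probe is also re-run on every call and stored in an undeclared global; it could be computed once. The identical delta appears under 1.1.1.3.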


1.1.1.1.2.2.2.1
log
@MFC: OpenSSL 0.9.6e
@
text
@d1 1
a1 1
#!/usr/local/bin/perl5
@


1.1.1.1.2.2.4.1
log
@MFC: OpenSSL 0.9.6e
@
text
@d1 1
a1 1
#!/usr/local/bin/perl5
@


1.1.1.1.2.2.6.1
log
@MFC: OpenSSL 0.9.6e
@
text
@d1 1
a1 1
#!/usr/local/bin/perl5
@


1.1.1.1.2.2.6.2
log
@Merge from RELENG_4_7: Update to OpenSSL 0.9.6i.
@
text
@d103 1
a103 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
d133 1
a133 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
@


1.1.1.1.2.3
log
@MFC: OpenSSL 0.9.6e
@
text
@d1 1
a1 1
#!/usr/local/bin/perl5
@


1.1.1.1.2.4
log
@MFC: OpenSSL 0.9.6g.
@
text
@d1 1
a1 1
#!/usr/local/bin/perl
@


1.1.1.1.2.4.2.1
log
@Merge from RELENG_5_0: Update to OpenSSL 0.9.6i.
@
text
@d1 1
a1 1
#!/usr/local/bin/perl5
d103 1
a103 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
d133 1
a133 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
@


1.1.1.1.2.5
log
@MFC OpenSSL 0.9.7
@
text
@d20 1
a20 1
if(! -x $openssl) {
d23 1
a23 1
		if(-x "$_/$openssl") {
d103 1
a103 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
d133 1
a133 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
@


1.1.1.1.2.6
log
@MFC OpenSSL 0.9.7c.

Approved by:	re
@
text
@d1 1
a1 1
#!/usr/bin/perl
@


1.1.1.1.2.7
log
@MFC OpenSSL 0.9.7d.
@
text
@d1 1
a1 1
#!/usr/local/bin/perl
@


1.1.1.2
log
@Initial import of OpenSSL 0.9.6
@
text
@d1 61
a61 148
#!/usr/local/bin/perl


# Perl c_rehash script, scan all files in a directory
# and add symbolic links to their hash values.

my $openssl;

my $dir = "/usr/local/ssl";

if(defined $ENV{OPENSSL}) {
	$openssl = $ENV{OPENSSL};
} else {
	$openssl = "openssl";
	$ENV{OPENSSL} = $openssl;
}

$ENV{PATH} .= ":$dir/bin";

if(! -f $openssl) {
	my $found = 0;
	foreach (split /:/, $ENV{PATH}) {
		if(-f "$_/$openssl") {
			$found = 1;
			last;
		}	
	}
	if($found == 0) {
		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
		exit 0;
	}
}

if(@@ARGV) {
	@@dirlist = @@ARGV;
} elsif($ENV{SSL_CERT_DIR}) {
	@@dirlist = split /:/, $ENV{SSL_CERT_DIR};
} else {
	$dirlist[0] = "$dir/certs";
}


foreach (@@dirlist) {
	if(-d $_ and -w $_) {
		hash_dir($_);
	}
}

sub hash_dir {
	my %hashlist;
	print "Doing $_[0]\n";
	chdir $_[0];
	opendir(DIR, ".");
	my @@flist = readdir(DIR);
	# Delete any existing symbolic links
	foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @@flist) {
		if(-l $_) {
			unlink $_;
		}
	}
	closedir DIR;
	FILE: foreach $fname (grep {/\.pem$/} @@flist) {
		# Check to see if certificates and/or CRLs present.
		my ($cert, $crl) = check_file($fname);
		if(!$cert && !$crl) {
			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
			next;
		}
		link_hash_cert($fname) if($cert);
		link_hash_crl($fname) if($crl);
	}
}

sub check_file {
	my ($is_cert, $is_crl) = (0,0);
	my $fname = $_[0];
	open IN, $fname;
	while(<IN>) {
		if(/^-----BEGIN (.*)-----/) {
			my $hdr = $1;
			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
				$is_cert = 1;
				last if($is_crl);
			} elsif($hdr eq "X509 CRL") {
				$is_crl = 1;
				last if($is_cert);
			}
		}
	}
	close IN;
	return ($is_cert, $is_crl);
}


# Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists
# then we need to up the value of n, unless its a duplicate in which
# case we skip the link. We check for duplicates by comparing the
# certificate fingerprints

sub link_hash_cert {
		my $fname = $_[0];
		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".$suffix";
		print "$fname => $hash\n";
		symlink $fname, $hash;
		$hashlist{$hash} = $fprint;
}

# Same as above except for a CRL. CRL links are of the form <hash>.r<n>

sub link_hash_crl {
		my $fname = $_[0];
		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
		chomp $hash;
		chomp $fprint;
		$fprint =~ s/^.*=//;
		$fprint =~ tr/://d;
		my $suffix = 0;
		# Search for an unused hash filename
		while(exists $hashlist{"$hash.r$suffix"}) {
			# Hash matches: if fingerprint matches its a duplicate cert
			if($hashlist{"$hash.r$suffix"} eq $fprint) {
				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
				return;
			}
			$suffix++;
		}
		$hash .= ".r$suffix";
		print "$fname => $hash\n";
		symlink $fname, $hash;
		$hashlist{$hash} = $fprint;
}

@
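Review bot: hash_dir calls `chdir $_[0];` and `opendir(DIR, ".");` without testing either result, and the loop that follows unlinks every symlink in the current directory whose name matches the hash pattern. If chdir fails, that cleanup and the new links land in whatever directory the process was already in. Because the working directory is never restored, a relative path later in `@dirlist` is also tested by `-d`/`-w` and entered relative to the previous certificate directory. I would guard the call with `chdir $_[0] or do { print STDERR "WARNING: cannot chdir to $_[0]: $!\n"; return; };`. The same applies to the other full texts of the script on this page.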


1.1.1.3
log
@Initial import of OpenSSL 0.9.6a
@
text
@d120 1
a120 6
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
d145 1
a145 6
		$symlink_exists=eval {symlink("",""); 1};
		if ($symlink_exists) {
			symlink $fname, $hash;
		} else {
			system ("cp", $fname, $hash);
		}
@


1.1.1.4
log
@Import of OpenSSL 0.9.6e.
@
text
@d1 1
a1 1
#!/usr/local/bin/perl5
@


1.1.1.5
log
@Import of OpenSSL 0.9.6f.
@
text
@d1 1
a1 1
#!/usr/local/bin/perl
@


1.1.1.5.2.1
log
@Update to OpenSSL 0.9.6i.
@
text
@d103 1
a103 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
d133 1
a133 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
@


1.1.1.6
log
@Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
@
text
@d20 1
a20 1
if(! -x $openssl) {
d23 1
a23 1
		if(-x "$_/$openssl") {
d103 1
a103 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
d133 1
a133 2
		$fname =~ s/'/'\\''/g;
		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
@


1.1.1.7
log
@Vendor import of OpenSSL 0.9.7c
@
text
@d1 1
a1 1
#!/usr/bin/perl
@


1.1.1.8
log
@Vendor import of OpenSSL 0.9.7d.
@
text
@d1 1
a1 1
#!/usr/local/bin/perl
@


1.1.1.8.2.1
log
@MFC update OpenSSL 0.9.7d -> 0.9.7e.
@
text
@d1 1
a1 1
#!/usr/bin/perl
@


1.1.1.9
log
@Vendor import of OpenSSL 0.9.7e.
@
text
@d1 1
a1 1
#!/usr/bin/perl
@


1.1.1.10
log
@Vendor import of OpenSSL 0.9.8d.
@
text
@d1 1
a1 1
#!/usr/local/bin/perl
@


1.1.1.11
log
@Vendor import of OpenSSL 0.9.8e.
@
text
@d1 1
a1 1
#!/usr/bin/perl
@


1.1.1.11.2.1
log
@SVN rev 215997 on 2010-11-28 13:45:51Z by simon

Merge OpenSSL 0.9.8p into stable/7.

This merges up to and including head/crypto/openssl/ r215697; and
head/secure/lib/libcrypto/, head/secure/lib/libssl/,
head/secure/usr.bin/openssl/ r215698.

To make the merge simpler, a hack was added to set MACHINE_CPUARCH.

A few old OpenSSL security fixes are still in the stable/7 tree - these
will be backed out to the vendor version shortly.

Security:	CVE-2010-2939, CVE-2010-3864
Security:	http://www.openssl.org/news/secadv_20101116.txt
Security:	FreeBSD-SA-10:10.openssl
Approved by:	re (implicitly - they did not object of the general idea
		of OpenSSL update)
@
text
@a9 1
my $prefix = "/usr/local/ssl";
@


1.1.1.11.10.1
log
@SVN rev 215912 on 2010-11-26 22:50:58Z by simon

Merge OpenSSL 0.9.8p into stable/8.

This merges up to and including head/crypto/openssl/ r215697; and
head/secure/lib/libcrypto/, head/secure/lib/libssl/,
head/secure/usr.bin/openssl/ r215698.

To make the merge simpler, a hack was added to set MACHINE_CPUARCH.

Security:	CVE-2010-2939, CVE-2010-3864
Security:	http://www.openssl.org/news/secadv_20101116.txt
Security:	FreeBSD-SA-10:10.openssl
Approved by:	re (implicitly - they did not object of the general idea
		of OpenSSL update)
@
text
@a9 1
my $prefix = "/usr/local/ssl";
@


