]> git.ipfire.org Git - thirdparty/openssl.git/blob - tools/c_rehash.in
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Return error when trying to print invalid ASN1 integer
[thirdparty/openssl.git] / tools / c_rehash.in
1 #!/usr/local/bin/perl
2
3
4 # Perl c_rehash script, scan all files in a directory
5 # and add symbolic links to their hash values.
6
7 my $openssl;
8
9 my $dir;
10 my $prefix;
11
12 if(defined $ENV{OPENSSL}) {
13 $openssl = $ENV{OPENSSL};
14 } else {
15 $openssl = "openssl";
16 $ENV{OPENSSL} = $openssl;
17 }
18
19 my $pwd;
20 eval "require Cwd";
21 if (defined(&Cwd::getcwd)) {
22 $pwd=Cwd::getcwd();
23 } else {
24 $pwd=`pwd`; chomp($pwd);
25 }
26 my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':'; # DOS/Win32 or Unix delimiter?
27
28 $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : ""); # prefix our path
29
30 if(! -x $openssl) {
31 my $found = 0;
32 foreach (split /$path_delim/, $ENV{PATH}) {
33 if(-x "$_/$openssl") {
34 $found = 1;
35 $openssl = "$_/$openssl";
36 last;
37 }
38 }
39 if($found == 0) {
40 print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
41 exit 0;
42 }
43 }
44
45 if(@ARGV) {
46 @dirlist = @ARGV;
47 } elsif($ENV{SSL_CERT_DIR}) {
48 @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
49 } else {
50 $dirlist[0] = "$dir/certs";
51 }
52
53 if (-d $dirlist[0]) {
54 chdir $dirlist[0];
55 $openssl="$pwd/$openssl" if (!-x $openssl);
56 chdir $pwd;
57 }
58
59 foreach (@dirlist) {
60 if(-d $_ and -w $_) {
61 hash_dir($_);
62 }
63 }
64
65 sub hash_dir {
66 my %hashlist;
67 print "Doing $_[0]\n";
68 chdir $_[0];
69 opendir(DIR, ".");
70 my @flist = readdir(DIR);
71 # Delete any existing symbolic links
72 foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
73 if(-l $_) {
74 unlink $_;
75 }
76 }
77 closedir DIR;
78 FILE: foreach $fname (grep {/\.pem$/} @flist) {
79 # Check to see if certificates and/or CRLs present.
80 my ($cert, $crl) = check_file($fname);
81 if(!$cert && !$crl) {
82 print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
83 next;
84 }
85 link_hash_cert($fname) if($cert);
86 link_hash_crl($fname) if($crl);
87 }
88 }
89
90 sub check_file {
91 my ($is_cert, $is_crl) = (0,0);
92 my $fname = $_[0];
93 open IN, $fname;
94 while(<IN>) {
95 if(/^-----BEGIN (.*)-----/) {
96 my $hdr = $1;
97 if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
98 $is_cert = 1;
99 last if($is_crl);
100 } elsif($hdr eq "X509 CRL") {
101 $is_crl = 1;
102 last if($is_cert);
103 }
104 }
105 }
106 close IN;
107 return ($is_cert, $is_crl);
108 }
109
110
111 # Link a certificate to its subject name hash value, each hash is of
112 # the form <hash>.<n> where n is an integer. If the hash value already exists
113 # then we need to up the value of n, unless its a duplicate in which
114 # case we skip the link. We check for duplicates by comparing the
115 # certificate fingerprints
116
117 sub link_hash_cert {
118 my $fname = $_[0];
119 $fname =~ s/'/'\\''/g;
120 my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
121 chomp $hash;
122 chomp $fprint;
123 $fprint =~ s/^.*=//;
124 $fprint =~ tr/://d;
125 my $suffix = 0;
126 # Search for an unused hash filename
127 while(exists $hashlist{"$hash.$suffix"}) {
128 # Hash matches: if fingerprint matches its a duplicate cert
129 if($hashlist{"$hash.$suffix"} eq $fprint) {
130 print STDERR "WARNING: Skipping duplicate certificate $fname\n";
131 return;
132 }
133 $suffix++;
134 }
135 $hash .= ".$suffix";
136 print "$fname => $hash\n";
137 $symlink_exists=eval {symlink("",""); 1};
138 if ($symlink_exists) {
139 symlink $fname, $hash;
140 } else {
141 open IN,"<$fname" or die "can't open $fname for read";
142 open OUT,">$hash" or die "can't open $hash for write";
143 print OUT <IN>; # does the job for small text files
144 close OUT;
145 close IN;
146 }
147 $hashlist{$hash} = $fprint;
148 }
149
150 # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
151
152 sub link_hash_crl {
153 my $fname = $_[0];
154 $fname =~ s/'/'\\''/g;
155 my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
156 chomp $hash;
157 chomp $fprint;
158 $fprint =~ s/^.*=//;
159 $fprint =~ tr/://d;
160 my $suffix = 0;
161 # Search for an unused hash filename
162 while(exists $hashlist{"$hash.r$suffix"}) {
163 # Hash matches: if fingerprint matches its a duplicate cert
164 if($hashlist{"$hash.r$suffix"} eq $fprint) {
165 print STDERR "WARNING: Skipping duplicate CRL $fname\n";
166 return;
167 }
168 $suffix++;
169 }
170 $hash .= ".r$suffix";
171 print "$fname => $hash\n";
172 $symlink_exists=eval {symlink("",""); 1};
173 if ($symlink_exists) {
174 symlink $fname, $hash;
175 } else {
176 system ("cp", $fname, $hash);
177 }
178 $hashlist{$hash} = $fprint;
179 }
180
A mirror of the official openssl repository