From: Dr. David von Oheimb Date: Wed, 22 Apr 2026 16:07:15 +0000 (+0200) Subject: openssl-rehash.pod.in: fix details of the general description how input files are... X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=fc068757169a4dced80c8dacef8f00b3deb2ba48;p=thirdparty%2Fopenssl.git openssl-rehash.pod.in: fix details of the general description how input files are handled Reviewed-by: Tomas Mraz Reviewed-by: Eugene Syromiatnikov MergeDate: Mon Jun 1 04:57:12 2026 (Merged from https://github.com/openssl/openssl/pull/25683) --- diff --git a/doc/man1/openssl-rehash.pod.in b/doc/man1/openssl-rehash.pod.in index ee7a432fc63..287f647f376 100644 --- a/doc/man1/openssl-rehash.pod.in +++ b/doc/man1/openssl-rehash.pod.in @@ -28,8 +28,12 @@ B B scans directories and calculates a hash value of each F<.pem>, F<.crt>, F<.cer>, or F<.crl> -file in the specified directory list and creates symbolic links -for each file, where the name of the link is the hash value. +file in the specified directory list +that is in PEM format and contains exactly one certificate or CRL. +The extension matching is case-insensitive and uses C locale. +For each of these files, it creates a symbolic link with its name being the +hash value of the certificate subject name or CRL issuer name, respectively. +In this context, the first 4 bytes of SHA-1 digest is used. (If the platform does not support symbolic links, a copy is made.) This command is useful as many programs that use OpenSSL require directories to be set up like this in order to find certificates. @@ -55,12 +59,12 @@ the period, like this: IBI. Multiple objects may have the same hash; they will be indicated by incrementing the I value. Duplicates are found by comparing the -full SHA-1 fingerprint. A warning will be displayed if a duplicate -is found. +full SHA-1 fingerprint of the certificate or CRL in DER representation. +A warning will be displayed if a duplicate is found. -A warning will also be displayed if there are files that -cannot be parsed as either a certificate or a CRL or if -more than one such object appears in the file. +A warning will also be displayed if there are files with a recognized filename +extension that cannot be parsed as either a certificate or a CRL in PEM format +or contain more than one such object. =head1 OPTIONS