On Fri, Apr 06, 2018 at 12:22:12AM +0200, Sebastian Andrzej Siewior wrote: > Hi, > > the openssl package provides the c_rehash script which creates the links > from XXXXXXXX.Y to the actual certificate in /etc/ssl/certs/. During the > transition from 0.9.8 to 1.0.0 the hash (for the X part) changed from > md5 to sha1. Since that transition in Debian the c_rehash script > provides both symlinks: the old hash (md5) and the new (sha1) one. > > The c_rehash script is considered by upstream as a fallback script and > will disappear at some point. The recommended way is to use the "openssl > rehash" command instead which appeared in 1.1.0. This command creates > half that many symlinks (one per certificate instead of two) because it > uses only the sha1 hash. There is also the -compat option which creates > both symlinks (and behaves like c_rehash currently does) but as > explained above it should not be required to use it. > > I am planning to fill bugs against 23 packages which use "c_rehash" to > use "openssl rehash" instead. Here is the dd-list of packages I > identified: [...] > Antonio Terceiro <terce...@debian.org> > ruby-openssl (U)
this is a false positive. the only ocurrance of "c_rehash" is in example code and is a reference to a c_rehash.rb file in the same directory of examples.
Description: PGP signature