--- c_rehash	2009-06-04 20:24:01.001328312 -0400
+++ c_rehash.new	2009-06-04 21:09:38.966041913 -0400
@@ -81,7 +81,7 @@
 			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
 			next;
 		}
-		link_hash_cert($fname) if($cert);
+		link_hash_certs($fname) if($cert);
 		link_hash_crl($fname) if($crl);
 	}
 }
@@ -113,14 +113,31 @@
 # case we skip the link. We check for duplicates by comparing the
 # certificate fingerprints
 
-sub link_hash_cert {
-		my $fname = $_[0];
+sub link_hash_certs {
+		my $fname = shift;
 		$fname =~ s/'/'\\''/g;
-		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
-		chomp $hash;
-		chomp $fprint;
-		$fprint =~ s/^.*=//;
-		$fprint =~ tr/://d;
+		my $cert = '';
+		open(PEM, $fname);
+		while(<PEM>) {
+			$cert .= $_ if $cert || /^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----\s*$/;
+			if(/^-----END (X509 |TRUSTED )?CERTIFICATE-----\s*$/) {
+				my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout <<< "$cert"`;
+				chomp $hash;
+				chomp $fprint;
+				$fprint =~ s/^.*=//;
+				$fprint =~ tr/://d;
+				link_hash_cert($fname, $hash, $print);
+				$cert = '';
+			}
+		}
+		close(PEM);
+}
+
+
+sub link_hash_cert {
+		my $fname = shift;
+		my $hash = shift;
+		my $fprint = shift;
 		my $suffix = 0;
 		# Search for an unused hash filename
 		while(exists $hashlist{"$hash.$suffix"}) {