(The attached patch was published first on the Postfix mailing list; feedback to be received later will be added here as followup.)
The patch adds -h/-help/--help/-? option (only effective if passed as first argument). The patch adds an -old_compat option (if given as first argument). It will make c_rehash add -subject_hash (as usual) and *also* -subject_hash_old hashes (i. e. we get two symlinks per cert, or per CRL), to allow sharing of the same CApath directories between OpenSSL 1.0.0 based and 0.9.8 based applications. This is for systems that have partially migrated to OpenSSL 1.0.0 but need 0.9.8 support for whatever reason (commercial application, whatever): Example: $ sudo env PATH=/opt/openssl1/bin:$PATH perl ./tools/c_rehash -compat_old /etc/ssl/certs ... $ LC_ALL=C ls -l /etc/ssl/certs | grep Telekom lrwxrwxrwx 1 root root 30 May 20 09:53 4e18c148.0 -> Deutsche_Telekom_Root_CA_2.pem lrwxrwxrwx 1 root root 30 May 20 09:53 812e17de.0 -> Deutsche_Telekom_Root_CA_2.pem -rw-r--r-- 1 root root 1318 Nov 18 2009 Deutsche_Telekom_Root_CA_2.pem Works for me with CA certs as shown above, CRLs untested. -- Matthias Andree
openssl-c_rehash-both.patch
Description: Binary data
