Jeffrey Altman wrote:
>
> > It's a bit broken for several reasons...
> >
> > The script that normally creates these things "c_rehash" looks like it
> > will only ever create hashes ending in zero.
>
> That can't be true:
>
> 11/05/99 3:15 1,314 23dbf167.0
> 12/09/99 0:54 4,306 37bb5c86.0
>
Well .0 anyway... check out c_rehash:

    if [ $i != '*.pem' ]; then
        h=`$OPENSSL x509 -hash -noout -in $i`
        if [ "x$h" = "x" ]; then
            echo $i does not contain a certificate
        else
            if [ -f $h.0 ]; then
                /bin/rm -f $h.0
            fi
            echo "$i => $h.0"
            ln -s $i $h.0
        fi
    fi

This will only ever add .0 to a certificate.

> The .0 which is appended to the hash is used to differentiate
> certificates from CRLs which get a .r appended to them.
>
CRLs would have .r0 (and .r1, .r2...) appended to them. Check out
crypto/x509/by_dir.c the function get_cert_by_subject().

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
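
Added example, not part of the original message or of OpenSSL's c_rehash: a sketch of picking the first unused suffix, so that two certificates with the same subject hash get .0 and .1 (and CRLs .r0, .r1) instead of the second replacing the first. The function names are hypothetical, and the hash is passed in as an argument (as printed by the `$OPENSSL x509 -hash -noout` call in the quoted script).

```shell
# Added example (hypothetical helpers, not c_rehash code).
# Print the first unused link name for a subject hash in a directory.
#   $1 = directory, $2 = hash, $3 = kind: "cert" (h.0, h.1, ...)
#                                      or "crl"  (h.r0, h.r1, ...)
next_link_name() {
    dir=$1 hash=$2 kind=$3
    case $kind in
        cert) prefix="" ;;
        crl)  prefix="r" ;;
        *)    echo "unknown kind: $kind" >&2; return 1 ;;
    esac
    n=0
    # -L also catches dangling symlinks, which -e reports as absent.
    while [ -e "$dir/$hash.$prefix$n" ] || [ -L "$dir/$hash.$prefix$n" ]; do
        n=$((n + 1))
    done
    echo "$hash.$prefix$n"
}

# Symlink a file under the next free hashed name and print that name.
#   $1 = directory, $2 = file name inside it, $3 = hash, $4 = kind
link_hashed() {
    dir=$1 file=$2 hash=$3 kind=$4
    name=$(next_link_name "$dir" "$hash" "$kind") || return 1
    ln -s "$file" "$dir/$name" && echo "$name"
}
```

Unlike the quoted script, this never removes an existing link, so it should be run against a directory whose old hash links have been cleared; it does not detect that a file is already linked.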