#!/bin/sh
#
# redo the hashes for the certificates in your cert path or the ones passed
# on the command line.
#

if [ "$OPENSSL"x = "x" -o ! -x "$OPENSSL" ]; then
	OPENSSL='openssl'
	export OPENSSL
fi
DIR=/usr/local/ssl
PATH=$DIR/bin:$PATH

if [ ! -f "$OPENSSL" ]; then
    found=0
    for dir in . `echo $PATH | sed -e 's/:/ /g'`; do
        if [ -f "$dir/$OPENSSL" ]; then
            found=1
            break
        fi
    done
    if [ $found = 0 ]; then
        echo "c_rehash: rehashing skipped ('openssl' program still not available)" 1>&2
        exit 0
    fi
fi

SSL_DIR=$DIR/certs

if [ "$*" = "" ]; then
	CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
else
	CERTS=$*
fi

IFS=': '
for i in $CERTS
do
  (
  IFS=' '
  if [ -d $i -a -w $i ]; then
    cd $i
    echo "Doing $i"
    for i in *.pem
    do
      if [ $i != '*.pem' ]; then
        h=`$OPENSSL x509 -hash -noout -in $i`
	if [ "x$h" = "x" ]; then
	  echo $i does not contain a certificate
	else
          if [ -f $h.0 ]; then
            /bin/rm -f $h.0
          fi
          echo "$i => $h.0"
          ln -s $i $h.0
	fi
      fi
    done
  fi
  )
done