Date: Thu, 08 Feb 2018 17:43:30 -0700 From: Ian Lepore <ian@freebsd.org> To: Jung-uk Kim <jkim@FreeBSD.org>, bsd-lists@BSDforge.com, FreeBSD-current <freebsd-current@freebsd.org> Subject: Re: openssl in base should install c_rehash Message-ID: <1518137010.32585.127.camel@freebsd.org> In-Reply-To: <250d888c-2c9b-553d-7d19-9dc03cd94713@FreeBSD.org> References: <2647c9a31e203a8891637aaa89462afe@udns.ultimatedns.net> <9306ff93-e606-c958-655b-1e12ddf9c579@FreeBSD.org> <1518133887.32585.110.camel@freebsd.org> <250d888c-2c9b-553d-7d19-9dc03cd94713@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2018-02-08 at 19:35 -0500, Jung-uk Kim wrote: > On 02/08/2018 18:51, Ian Lepore wrote: > > > > On Thu, 2018-02-08 at 17:47 -0500, Jung-uk Kim wrote: > > > > > > On 02/08/2018 17:31, Chris H wrote: > > > > > > > > > > > > [...] > > > > Couldn't this be in $base? I'd like to vote yes. :-) > > > From OpenSSL 1.1.0, openssl(1) added "rehash" command. > > > > > > https://www.openssl.org/docs/man1.1.0/apps/rehash.html > > > > > > I don't think we need yet another implementation in the base. > > But on a machine I just set up last weekend using -current I get: > > > > ian@th > openssl rehash > > openssl:Error: 'rehash' is an invalid command. > > ian@th > openssl version > > OpenSSL 1.0.2n-freebsd 7 Dec 2017 > > > > Are we going to update to 1.1.0 soon? > When I find some free time. I don't know how "soon", however. > > > > > If not, how does it help that a version we don't use has rehash > > built in? > We will have the feature when we import OpenSSL 1.1.0. Knowing that it > is obsoleted by the upstream, I don't want to add an equivalent script > in the base. > > If it is really necessary, you can always install the c_rehash script > (security/openssl), openssl with rehash command > (security/openssl-devel), openssl with certhash command > (security/libressl), etc. from the ports tree. > > BTW, we never had it in the base and it was removed from head src tree > more than 5 years ago. Why is it so important now? :-( When looking for info (because of this thread) I noticed that lots of how-to writeups on the web tell you to use the c_rehash command, so if we don't supply one that's bad (or if we supply an alternate-named thing we should document that somehow). If we're just a bit behind but we're going to catch up eventually, then that's good enough I think. It's not clear if openssl 1.1.0 installs a link or wrapper for c_rehash or not. That manpage seems to imply that "openssl rehash" and "c_rehash" are equivelent. -- Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1518137010.32585.127.camel>