3 ## Set up configuration.
## Defaults for the CA account names.  etc/config, when it exists, is sourced
## afterwards, so it can override them -- or run any other shell code.
## NOTE(review): etc/config is looked up relative to the current directory and
## is read before the re-exec as $ca_user further down, so it runs with the
## invoking user's privileges; keep the file and its directory writable only
## by a trusted owner.
4 ca_user=ca ca_group=ca ca_owner=root
5 if [ -f etc/config ]; then . etc/config; fi
10 ## Make sure we're running as the CA user. I don't trust ASN.1 parsers
11 ## to run as root against untrusted input -- especially OpenSSL's one.
## Default arm (the case selector is outside this excerpt; presumably the
## current user name): replace this process with the same script run as
## $ca_user through sudo, passing the original arguments through unchanged.
## NOTE(review): $ca_user is expanded unquoted and may have been set by
## etc/config; writing "$ca_user" would keep it to a single sudo argument.
15 *) exec sudo -u $ca_user "$0" "$@" ;;
20 ## linkserial CERT [SERIAL]
22 ## Make a link for the certificate according to its serial number.
## `openssl x509 -serial` prints the serial as a `serial=HEX` line.
## NOTE(review): no visible line strips the `serial=` prefix, and the usage
## line above calls the optional argument SERIAL although the path below is
## built from $suffix -- confirm both against the lines missing from this
## excerpt.
25 serial=$(openssl x509 -serial -noout -in "$cert")
## Candidate link name for this serial in the by-serial index.
27 t=index/byserial$suffix/$serial.pem
## Target of the link at that name, used below to name the clashing
## certificate; the test that leads here is not part of this excerpt.
29 other=$(readlink "$t")
## Report the two file names (directory parts stripped) that share a serial.
30 echo "Duplicate serial numbers: ${other##*/}, ${cert##*/}"
38 ## linkhash CERT [SUFFIX]
40 ## Make links for the certificate according to its hash.
## Fingerprint of the new certificate.  No digest option is given, so openssl
## uses its default digest.
43 fpr=$(openssl x509 -fingerprint -noout -in "$cert")
## Index the certificate under both the current and the old-style subject hash.
44 for opt in subject_hash subject_hash_old; do
46 hash=$(openssl x509 -$opt -noout -in "$cert")
## Probe slots HASH.N for as long as a symlink already occupies them; $n is
## set on a line outside this excerpt.
47 while t=index/byhash$suffix/$hash.$n; [ -L "$t" ]; do
## Fingerprint and link target of the certificate already in this slot.
48 ofpr=$(openssl x509 -fingerprint -noout -in "$t")
49 other=$(readlink "$t")
## Same file name as the existing link's target: skip the rest of the body.
## NOTE(review): a bare `continue` re-runs the while test, and nothing between
## the loop head and this line changes $n, so $t stays the same and the loop
## would appear to spin forever -- confirm; `continue 2`, or advancing $n
## first, may be what was meant.
50 case "${cert##*/}" in "${other##*/}") continue ;; esac
## Reached on a path not shown here (presumably when $ofpr equals $fpr).
53 echo "Duplicate certificates: ${other##*/}, ${cert##*/}"