## Set up configuration: built-in defaults first, then the site's
## overrides, if there are any.
ca_user=ca
ca_group=ca
ca_owner=root

## `.' runs etc/config as shell code in this shell, so whoever can write
## that file controls everything the script does afterwards.  The path
## is relative -- presumably the caller has already changed to the CA's
## home directory; confirm against the part of the script not shown.
if [ -f etc/config ]; then
  . etc/config
fi
## Make sure we're running as the CA user.  I don't trust ASN.1 parsers
## to run as root against untrusted input -- especially OpenSSL's one.
##
## (Lines 12-14 of the listing, including the head of this `case', are
## not shown in this excerpt.)
##
## Fallback arm: replace this process with the same script, given the
## same arguments, running as $ca_user under sudo.
## NOTE(review): $ca_user is expanded unquoted here.  It comes from the
## defaults or from etc/config, so an unusual value would be word-split;
## quoting it would be more robust.
*) exec sudo -u $ca_user "$0" "$@" ;;
20 ## linkserial CERT [SERIAL]
22 ## Make a link for the certificate according to its serial number.
25 serial
=$
(openssl x509
-serial
-noout
-in "$cert")
27 t
=index
/byserial
$suffix/$serial.pem
29 other
=$
(readlink
"$t")
30 echo "Duplicate serial numbers: ${other##*/}, ${cert##*/}"
## linkhash CERT [SUFFIX]
##
## Make links for the certificate according to its hash.
##
## Only lines 38, 40, 43, 44, 46-50 and 53 of the listing survive in this
## excerpt; the function header, the ends of both loops and the
## remaining statements are not shown.

## Fingerprint of the new certificate.  No digest option is given, so
## OpenSSL's default fingerprint digest is used.
fpr=$(openssl x509 -fingerprint -noout -in "$cert")

## Handle both the current subject-name hash and the older one used by
## OpenSSL before 1.0.0.
for opt in subject_hash subject_hash_old; do

  ## ... (line 45 not shown) ...

  ## $opt only ever holds one of the two literal words above, so leaving
  ## it unquoted is harmless.
  hash=$(openssl x509 -$opt -noout -in "$cert")

  ## Keep going for as long as the candidate name for this hash is
  ## already a symbolic link.  $n is set on lines not shown.
  while t=index/byhash$suffix/$hash.$n; [ -L "$t" ]; do
    ## Fingerprint and link target of the certificate already there.
    ofpr=$(openssl x509 -fingerprint -noout -in "$t")
    other=$(readlink "$t")
    ## The existing link's target has the same file name as CERT.
    ## NOTE(review): lines 47-50 are contiguous and none of them changes
    ## $n, so a plain `continue' would re-test the same $t; check the
    ## original for a loop level lost in extraction.
    case "${cert##*/}" in "${other##*/}") continue ;; esac

    ## ... (lines 51-52 not shown) ...

    ## Report the clash by file name; ${...##*/} strips leading
    ## directories.  The condition guarding this message is not shown.
    echo "Duplicate certificates: ${other##*/}, ${cert##*/}"