Re: openssl in base should install c_rehash

On Thu, 2018-02-08 at 19:35 -0500, Jung-uk Kim wrote:
> On 02/08/2018 18:51, Ian Lepore wrote:
> > 
> > On Thu, 2018-02-08 at 17:47 -0500, Jung-uk Kim wrote:
> > > 
> > > On 02/08/2018 17:31, Chris H wrote:
> > > > 
> > > > 
> > > > [...]
> > > > Couldn't this be in $base? I'd like to vote yes. :-)
> > > From OpenSSL 1.1.0, openssl(1) added "rehash" command.
> > > 
> > > https://www.openssl.org/docs/man1.1.0/apps/rehash.html
> > > 
> > > I don't think we need yet another implementation in the base.
> > But on a machine I just set up last weekend using -current I get:
> > 
> >     ian_at_th > openssl rehash
> >     openssl:Error: 'rehash' is an invalid command.
> >     ian_at_th > openssl version
> >     OpenSSL 1.0.2n-freebsd  7 Dec 2017
> > 
> > Are we going to update to 1.1.0 soon?
> When I find some free time.  I don't know how "soon", however.
> 
> > 
> > If not, how does it help that a version we don't use has rehash
> > built in?
> We will have the feature when we import OpenSSL 1.1.0.  Knowing that it
> is obsoleted by the upstream, I don't want to add an equivalent script
> in the base.
> 
> If it is really necessary, you can always install the c_rehash script
> (security/openssl), openssl with rehash command
> (security/openssl-devel), openssl with certhash command
> (security/libressl), etc. from the ports tree.
> 
> BTW, we never had it in the base and it was removed from head src tree
> more than 5 years ago.  Why is it so important now? :-(

When looking for info (because of this thread) I noticed that lots of
how-to writeups on the web tell you to use the c_rehash command, so if
we don't supply one that's bad (or if we supply an alternate-named
thing we should document that somehow).

If we're just a bit behind but we're going to catch up eventually, then
that's good enough I think. 

It's not clear if openssl 1.1.0 installs a link or wrapper for c_rehash
or not.  That manpage seems to imply that "openssl rehash" and
"c_rehash" are equivelent.

-- Ian