Dev news

Commit fc06875716 for openssl.org

commit fc068757169a4dced80c8dacef8f00b3deb2ba48
Author: Dr. David von Oheimb <dev@ddvo.net>
Date:   Wed Apr 22 18:07:15 2026 +0200

    openssl-rehash.pod.in: fix details of the general description how input files are handled

    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Mon Jun  1 04:57:12 2026
    (Merged from https://github.com/openssl/openssl/pull/25683)

diff --git a/doc/man1/openssl-rehash.pod.in b/doc/man1/openssl-rehash.pod.in
index ee7a432fc6..287f647f37 100644
--- a/doc/man1/openssl-rehash.pod.in
+++ b/doc/man1/openssl-rehash.pod.in
@@ -28,8 +28,12 @@ B<rehash>

 B<openssl rehash> scans directories and calculates a hash value of
 each F<.pem>, F<.crt>, F<.cer>, or F<.crl>
-file in the specified directory list and creates symbolic links
-for each file, where the name of the link is the hash value.
+file in the specified directory list
+that is in PEM format and contains exactly one certificate or CRL.
+The extension matching is case-insensitive and uses C locale.
+For each of these files, it creates a symbolic link with its name being the
+hash value of the certificate subject name or CRL issuer name, respectively.
+In this context, the first 4 bytes of SHA-1 digest is used.
 (If the platform does not support symbolic links, a copy is made.)
 This command is useful as many programs that use OpenSSL require
 directories to be set up like this in order to find certificates.
@@ -55,12 +59,12 @@ the period, like this: I<HHHHHHHH.>B<r>I<D>.

 Multiple objects may have the same hash; they will be indicated by
 incrementing the I<D> value. Duplicates are found by comparing the
-full SHA-1 fingerprint. A warning will be displayed if a duplicate
-is found.
+full SHA-1 fingerprint of the certificate or CRL in DER representation.
+A warning will be displayed if a duplicate is found.

-A warning will also be displayed if there are files that
-cannot be parsed as either a certificate or a CRL or if
-more than one such object appears in the file.
+A warning will also be displayed if there are files with a recognized filename
+extension that cannot be parsed as either a certificate or a CRL in PEM format
+or contain more than one such object.

 =head1 OPTIONS