@@ -152,6 +152,23 @@ sub check_file {
152152 return ($is_cert, $is_crl);
153153}
154154
155+ sub compute_hash {
156+ my $fh;
157+ if ( $^O eq "VMS" ) {
158+ # VMS uses the open through shell
159+ # The file names are safe there and list form is unsupported
160+ if (!open($fh, "-|", join(' ', @_))) {
161+ print STDERR "Cannot compute hash on '$fname'\n";
162+ return;
163+ }
164+ } else {
165+ if (!open($fh, "-|", @_)) {
166+ print STDERR "Cannot compute hash on '$fname'\n";
167+ return;
168+ }
169+ }
170+ return (<$fh>, <$fh>);
171+ }
155172
156173# Link a certificate to its subject name hash value, each hash is of
157174# the form <hash>.<n> where n is an integer. If the hash value already exists
@@ -161,10 +178,12 @@ sub check_file {
161178
162179sub link_hash_cert {
163180 my $fname = $_[0];
164- $fname =~ s/\"/\\\"/g;
165- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
181+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
182+ "-fingerprint", "-noout",
183+ "-in", $fname);
166184 chomp $hash;
167185 chomp $fprint;
186+ return if !$hash;
168187 $fprint =~ s/^.*=//;
169188 $fprint =~ tr/://d;
170189 my $suffix = 0;
@@ -202,10 +221,12 @@ sub link_hash_cert {
202221
203222sub link_hash_crl {
204223 my $fname = $_[0];
205- $fname =~ s/'/'\\''/g;
206- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
224+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
225+ "-fingerprint", "-noout",
226+ "-in", $fname);
207227 chomp $hash;
208228 chomp $fprint;
229+ return if !$hash;
209230 $fprint =~ s/^.*=//;
210231 $fprint =~ tr/://d;
211232 my $suffix = 0;
0 commit comments