Updated c_rehash.c based on feed back from the mailing list and Rich
Salz.

Would be nice to get additional review. It is not yet a patch for
'openssl' subcommand, but this is on the list. Just posting current
progress.

Most notable changes:
- removal of non-portable libc usage such as fnmatch(), *at() functions
- atomic update of hashes is improved, but not perfect. as in symlinks
are only touched if needed. trying to take care of all possible race
conditions looks tricky, and probably not feasible.
- added 'crt' extension
- hashes only files containing exactly one certificate or CRL. this is
1) because openssl library core checks only the first cert, and 2)
distros often create ca-certificates.crt containing *all*
certs, as this now matches known extensions it would easily make
openssl core break when all symlinks point to this same .crt file.
- code to create old style hashes is there, but no command line switch
parsing is added yet

also some other minor cleanups and changes are done too.

Feedback would be appreciated.

Thanks,
Timo

The collision case is tricky when a colliding trust-anchor is
deleted whose index suffix is not the largest. I'd be tempted to
symlink it to the remaining colliding certificate with the highest
index:

Before:

X.0 -> retired CA
X.1 -> retained CA

After:

X.0 -> retained CA
X.1 -> retained CA

And leave it that way for some time. On each run, if the highest
numbered index is duplicated by a lower-numbered index whose lstat(2)
age is sufficiently high (5 minutes or more?), that index can be
deleted (garbage collection). That might create a situation in
which we have:

X.0 -> CA1
X.1 -> CA1
X.2 -> CA2
(X.3 -> CA1 deleted)

In that case, update all but the first link to any fixed target to
point to the highest retained index.

X.1 -> CA2.

Leaving the invariant condition that at the end of each run at most
the last CA is duplicated. In steady-state this eliminates redundant
links, but avoids exposing verifiers to race conditions.