From add38843fb98e839c56fea6af96eef71a09ae217 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Thu, 21 Dec 2023 08:23:25 +0100
Subject: [PATCH] system: zero-fill the resulting hash to 8 characters

This is what certctl does and it was rightfully flagged as
"missing files" in the health audit, e.g.

/etc/ssl/blacklisted/80911ac.0 (wrong)

vs.

/etc/ssl/blacklisted/080911ac.0 (correct)
---
 src/opnsense/scripts/system/certctl.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/opnsense/scripts/system/certctl.py b/src/opnsense/scripts/system/certctl.py
index c82064b6c..535a05356 100755
--- a/src/opnsense/scripts/system/certctl.py
+++ b/src/opnsense/scripts/system/certctl.py
@@ -76,7 +76,7 @@ def cmd_rehash():
                     continue
                 cert = get_cert(filename)
                 if cert:
-                    nhash = hex(cert.subject_name_hash()).lstrip('0x')
+                    nhash = hex(cert.subject_name_hash()).lstrip('0x').zfill(8)
                     if nhash not in targets[targetname]:
                         targets[targetname][nhash] = []
                     targets[targetname][nhash].append(filename)