I have discussed this once with Kyle Evans (kevans@). *.n (e.g. *.0, *.1, etc.) is OpenSSL private indexed output for certificates with the same subject hash. They are not intended to be used a input. See also https://www.openssl.org/docs/man1.1.1/man1/rehash.html: rehash scans directories and calculates a hash value of each .pem, .crt, .cer, or .crl file in the specified directory list ... This extension should be (deprecated and) removed from the script.
let's put kevans@ in cc then
It looks like it has already been removed from the script in base 05a16147fb39. Only the manpage still needs to be updated.
(In reply to Tijl Coosemans from comment #2) Indeed, this patch is in all stable branches, but the manpage needs an update. I am willing to provide a patch if someone would be so kind to review and commit it.
(In reply to Michael Osipov from comment #3) The EXTENSIONS variable should be removed from the ENVIRONMENT section because there's no such variable in the script. Perhaps the list of extensions can be mentioned as part of the description of the rehash command.
(In reply to Tijl Coosemans from comment #4) Totally right: $ grep -e DESTDIR: -e TRUSTPATH: -e BLACKLISTPATH: -e CERTDESTDIR: -e BLACKLISTDESTDIR: -e EXTENSIONS: /usr/sbin/certctl : ${DESTDIR:=} : ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs} : ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted} : ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs} : ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}