the users of this should be using now libressl's certhash. and
c_rehash is planned to be moved to ca-certificates so it can
avoid dependency on libressl main package.