Upstream OpenSSL recommend using 'openssl rehash' now. There have been two vulnerabilities in their own script (predecessor to 'openssl rehash', not the same as the now built-in command) which don't seem to affect us, but we should migrate to be safe anyway, as it's not impossible we could fall prey to similar issues. See bug 855491 and bug 842489.