Commit 7cee6f36 authored by Stefan Fritsch's avatar Stefan Fritsch

Set umask before creating key

This makes sure that the generated key is not world-readable
for a short timespan while make-ssl-cert runs.
parent 6422468d
ssl-cert (1.0.36) UNRELEASED; urgency=medium
* Set umask to make sure that the generated key is not world-readable
for a short timespan while make-ssl-cert runs. Closes: #780828
-- Stefan Fritsch <sf@debian.org> Sun, 29 Mar 2015 22:25:51 +0200
ssl-cert (1.0.35) unstable; urgency=medium
* Update Vcs-Git URL in control file.
......
......@@ -99,6 +99,8 @@ create_temporary_cnf
# create the certificate.
umask 077
if [ "$1" != "generate-default-snakeoil" ]; then
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \
-out $output -keyout $output > $TMPOUT 2>&1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment