author | Simon Josefsson <simon@josefsson.org> | 2008-05-16 14:17:26 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-05-16 14:17:26 +0200 |
commit | 1f808bbed485731d69a8c37509487632674c7d52 (patch) | |
tree | b74a4b74520b6cc548905472dabe9891d4eeac03 | |
parent | 6f774053240717cac8ec2d0b475e3e33dd89444d (diff) | |
download | gnutls-1f808bbed485731d69a8c37509487632674c7d52.tar.gz |
certtool: When writing private keys to files, change permissions of file.
Now the file which the private key is saved to is chmod'ed 0600.
Reported by martin f krafft <madduck@debian.org> see
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>.
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | THANKS | 1 | ||||
-rw-r--r-- | src/certtool.c | 10 |
3 files changed, 15 insertions, 1 deletions
@@ -21,6 +21,11 @@ Reported by Daniel 'NebuchadnezzaR' Dehennin <nebuchadnezzar@asgardr.info> see <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>. +** certtool: When writing private keys to files, change permissions of file. +Now the file which the private key is saved to is chmod'ed 0600. +Reported by martin f krafft <madduck@debian.org> see +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>. + ** guile: Fix -fgnu89-inline test. ** Removed --enable-profile-mode. @@ -81,6 +81,7 @@ John Brooks <aspecialj@gmail.com> Massimo Gaspari <massimo.gaspari@alice.it> Marc F. Clemente <marc@mclemente.net> Daniel Dehennin <nebuchadnezzar@asgardr.info> +martin f krafft <madduck@debian.org> ---------------------------------------------------------------------- Copying and distribution of this file, with or without modification, diff --git a/src/certtool.c b/src/certtool.c index 0e9a720fa8..31a7090666 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -34,6 +34,7 @@ #include <certtool-cfg.h> #include <gcrypt.h> #include <errno.h> +#include <sys/stat.h> /* Gnulib portability files. */ #include <read-file.h> @@ -231,6 +232,10 @@ print_private_key (gnutls_x509_privkey_t key) gnutls_strerror (ret)); } + ret = fchmod (fileno (outfile), S_IRUSR | S_IWUSR); + if (ret < 0) + error (EXIT_FAILURE, errno, "Cannot chmod private key file"); + fwrite (buffer, 1, size, outfile); } @@ -2218,7 +2223,6 @@ generate_pkcs8 (void) flags = GNUTLS_PKCS_PLAIN; } - size = sizeof (buffer); result = gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, @@ -2227,6 +2231,10 @@ generate_pkcs8 (void) if (result < 0) error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result)); + result = fchmod (fileno (outfile), S_IRUSR | S_IWUSR); + if (result < 0) + error (EXIT_FAILURE, errno, "Cannot chmod private key file"); + fwrite (buffer, 1, size, outfile); } |
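Review bot: In the `print_private_key` hunk the `fchmod (fileno (outfile), S_IRUSR | S_IWUSR)` call tightens the mode only after the file has been opened, so the file exists with its umask-derived mode until this line runs. The key bytes are written after the chmod, but a process that opened the file for reading during that interval keeps a usable descriptor and can read the key once `fwrite` has run. The open of `outfile` is outside the hunk and is presumably an `fopen`; creating the file owner-only at that point, for example `open (name, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)` followed by `fdopen` (with `name` standing for the output path), closes the window for newly created files. The same applies to the identical call added in the `generate_pkcs8` hunk.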
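Review bot: The `fchmod` added in the `generate_pkcs8` hunk runs unconditionally on `fileno (outfile)`, and nothing visible here establishes that `outfile` is a regular file the tool created. If `outfile` can be `stdout` (its assignment is outside the hunk), the call would change the mode of whatever stdout points at, or fail on an object the user does not own and abort with `Cannot chmod private key file` before the key is printed. A guard such as `if (outfile != stdout)` or an `fstat` check with `S_ISREG` would limit the chmod to key files; the call in `print_private_key` has the same shape. A comment like `/* Restrict the key file to its owner before any key bytes are written. */` above the call would also record why the chmod precedes `fwrite`.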