-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | THANKS | 1 | ||||
-rw-r--r-- | src/certtool.c | 10 |
3 files changed, 15 insertions, 1 deletions
@@ -21,6 +21,11 @@ Reported by Daniel 'NebuchadnezzaR' Dehennin <nebuchadnezzar@asgardr.info> see <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>. +** certtool: When writing private keys to files, change permissions of file. +Now the file which the private key is saved to is chmod'ed 0600. +Reported by martin f krafft <madduck@debian.org> see +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>. + ** guile: Fix -fgnu89-inline test. ** Removed --enable-profile-mode. @@ -81,6 +81,7 @@ John Brooks <aspecialj@gmail.com> Massimo Gaspari <massimo.gaspari@alice.it> Marc F. Clemente <marc@mclemente.net> Daniel Dehennin <nebuchadnezzar@asgardr.info> +martin f krafft <madduck@debian.org> ---------------------------------------------------------------------- Copying and distribution of this file, with or without modification, diff --git a/src/certtool.c b/src/certtool.c index 0e9a720fa8..31a7090666 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -34,6 +34,7 @@ #include <certtool-cfg.h> #include <gcrypt.h> #include <errno.h> +#include <sys/stat.h> /* Gnulib portability files. */ #include <read-file.h> @@ -231,6 +232,10 @@ print_private_key (gnutls_x509_privkey_t key) gnutls_strerror (ret)); } + ret = fchmod (fileno (outfile), S_IRUSR | S_IWUSR); + if (ret < 0) + error (EXIT_FAILURE, errno, "Cannot chmod private key file"); + fwrite (buffer, 1, size, outfile); } @@ -2218,7 +2223,6 @@ generate_pkcs8 (void) flags = GNUTLS_PKCS_PLAIN; } - size = sizeof (buffer); result = gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, @@ -2227,6 +2231,10 @@ generate_pkcs8 (void) if (result < 0) error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result)); + result = fchmod (fileno (outfile), S_IRUSR | S_IWUSR); + if (result < 0) + error (EXIT_FAILURE, errno, "Cannot chmod private key file"); + fwrite (buffer, 1, size, outfile); } |
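Review bot: Tightening the mode with `fchmod` only after the stream is open leaves a window in which the key file exists with umask-derived permissions, both in print_private_key and in the identical addition to generate_pkcs8. The key bytes are written after the chmod, but a process that opened the file for reading during that window keeps its descriptor and can read the key once it is written; the same holds for any reader of a pre-existing file. The open of `outfile` is outside these hunks, so I am inferring it is a plain `fopen`. If so, creating the file as 0600 from the start closes the gap, for example `open (path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)` followed by `fdopen`, where `path` stands for the output file name. The `fchmod` can stay to cover files that already exist.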
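Review bot: The new `fchmod (fileno (outfile), S_IRUSR | S_IWUSR)` in generate_pkcs8 runs on whatever `outfile` refers to, and nothing in the hunk checks that it is a regular file certtool opened itself; the addition in print_private_key has the same shape. If `outfile` can be stdout (not visible here), the call either changes the mode of the terminal or redirect target, or fails and aborts with "Cannot chmod private key file" on a descriptor the user does not own. Wrapping the call in `if (outfile != stdout)`, or checking `S_ISREG` on an `fstat` result first, would limit the permission change to real key files. Both function bodies start outside their hunks, so the surrounding branches need confirming against the full file.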