diff options
author | Tollef Fog Heen <tfheen@err.no> | 2010-03-01 20:49:15 +0100 |
---|---|---|
committer | Tollef Fog Heen <tfheen@err.no> | 2010-03-01 20:49:15 +0100 |
commit | 9f9a221976e5b31085defd9c187ed4e98a3ca525 (patch) | |
tree | 8d79c437a15ce8d5a2819fdbfa1beb6aef0d57b5 | |
parent | b165dedf145c2c27168f8cdc87bdd61336c6a02a (diff) | |
download | chef-9f9a221976e5b31085defd9c187ed4e98a3ca525.tar.gz |
Make sure we protect the CA key properly
-rw-r--r-- | chef/lib/chef/certificate.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chef/lib/chef/certificate.rb b/chef/lib/chef/certificate.rb index 1b32c2a59d..e39e1919fc 100644 --- a/chef/lib/chef/certificate.rb +++ b/chef/lib/chef/certificate.rb @@ -71,7 +71,7 @@ class Chef ca_cert.sign keypair, OpenSSL::Digest::SHA1.new File.open(ca_cert_file, "w") { |f| f.write ca_cert.to_pem } - File.open(ca_keypair_file, "w") { |f| f.write keypair.to_pem } + File.open(ca_keypair_file, File::WRONLY|File::EXCL|File::CREAT, 0600) { |f| f.write keypair.to_pem } end self end |