Commit 142a719f authored by Julien Muchembled's avatar Julien Muchembled

CertificateAuthorityTool: fix mode of private key to make it only readable by the owner

parent ec298331
...@@ -202,6 +202,7 @@ class CertificateAuthorityTool(BaseTool): ...@@ -202,6 +202,7 @@ class CertificateAuthorityTool(BaseTool):
cert = os.path.join(self.certificate_authority_path, 'certs', cert = os.path.join(self.certificate_authority_path, 'certs',
new_id + '.crt') new_id + '.crt')
try: try:
os.close(os.open(key, os.O_CREAT | os.O_EXCL, 0600))
popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config', popenCommunicate([self.openssl_binary, 'req', '-nodes', '-config',
self.openssl_config, '-new', '-keyout', key, '-out', csr, '-days', self.openssl_config, '-new', '-keyout', key, '-out', csr, '-days',
'3650'], '%s\n' % common_name, stdin=subprocess.PIPE) '3650'], '%s\n' % common_name, stdin=subprocess.PIPE)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment