We should generate private keys with 0600.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
my $admincertfile = "$tlsdir/admincert.pem";
my $admincertupnfile = "$tlsdir/admincertupn.pem";
- mkdir($tlsdir, 0777);
+ mkdir($tlsdir, 0700);
+ my $oldumask = umask;
+ umask 0077;
#This is specified here to avoid draining entropy on every run
open(DHFILE, ">$dhfile");
Wfz/8alZ5aMezCQzXJyIaJsCLeKABosSwHcpAFmxlQ==
-----END CERTIFICATE-----
EOF
+
+ umask $oldumask;
}
sub provision_raw_prepare($$$$$$$$$$)