certs: do not export keys world-readable in install_key_from_p12

Make sure the exported private key files are readable only by the owner.

https://pagure.io/freeipa/issue/6831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Jan Cholasta
2017-05-11 07:00:42 +00:00
committed by Martin Basti
parent b9fd123d61
commit 0c5b2c42bf

@@ -73,7 +73,8 @@ def install_key_from_p12(p12_fname, p12_passwd, pem_fname):
pwd = ipautil.write_tmp_file(p12_passwd)
ipautil.run([paths.OPENSSL, "pkcs12", "-nodes", "-nocerts",
"-in", p12_fname, "-out", pem_fname,
"-passin", "file:" + pwd.name])
"-passin", "file:" + pwd.name],
umask=0o077)
def export_pem_p12(pkcs12_fname, pkcs12_pwd_fname, nickname, pem_fname):
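Review bot: the `umask=0o077` passed to `ipautil.run` in `install_key_from_p12` only takes effect when openssl creates `pem_fname`. If a file already exists at that path with a wider mode, it is truncated and rewritten with its old permissions, so the private key can still end up readable by group or others. Consider unlinking `pem_fname` first, or pre-creating it with mode 0600 before the call; a chmod after the run would leave a short window in which the key is exposed. A one-line comment next to the `umask` argument saying it protects the exported key would help future readers. `export_pem_p12`, which starts right after this hunk, also takes a `pem_fname`, so it is worth confirming whether it needs the same treatment.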