chmod to secret certificate file to 0600

This commit is contained in:
lars 2007-01-25 23:14:08 +00:00
parent 2ecc20e905
commit 772d617b73

View file

@ -125,6 +125,13 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
self.cbox.prefs.create_misc_config_file(CERT_FILENAME, cert) self.cbox.prefs.create_misc_config_file(CERT_FILENAME, cert)
self.cbox.log.info("Created new SSL certificate: %s" % \ self.cbox.log.info("Created new SSL certificate: %s" % \
cert_abs_name) cert_abs_name)
## make it non-readable for other users
try:
os.chmod(cert_abs_name, 0600)
except OSError, err_msg:
self.cbox.log.warn("Failed to change permissions of secret " \
+ "certificate file (%s): %s" % \
(cert_abs_name, err_msg))
except IOError, err_msg: except IOError, err_msg:
## do not run stunnel without a certificate ## do not run stunnel without a certificate
self.cbox.log.warn("Failed to create new SSL certificate (%s): %s" \ self.cbox.log.warn("Failed to create new SSL certificate (%s): %s" \