chmod to secret certificate file to 0600
parent
2ecc20e905
commit
772d617b73
1 changed files with 7 additions and 0 deletions
|
@ -125,6 +125,13 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
||||||
self.cbox.prefs.create_misc_config_file(CERT_FILENAME, cert)
|
self.cbox.prefs.create_misc_config_file(CERT_FILENAME, cert)
|
||||||
self.cbox.log.info("Created new SSL certificate: %s" % \
|
self.cbox.log.info("Created new SSL certificate: %s" % \
|
||||||
cert_abs_name)
|
cert_abs_name)
|
||||||
|
## make it non-readable for other users
|
||||||
|
try:
|
||||||
|
os.chmod(cert_abs_name, 0600)
|
||||||
|
except OSError, err_msg:
|
||||||
|
self.cbox.log.warn("Failed to change permissions of secret " \
|
||||||
|
+ "certificate file (%s): %s" % \
|
||||||
|
(cert_abs_name, err_msg))
|
||||||
except IOError, err_msg:
|
except IOError, err_msg:
|
||||||
## do not run stunnel without a certificate
|
## do not run stunnel without a certificate
|
||||||
self.cbox.log.warn("Failed to create new SSL certificate (%s): %s" \
|
self.cbox.log.warn("Failed to create new SSL certificate (%s): %s" \
|
||||||
|
|
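Review bot: The certificate file still exists with its default permissions between `create_misc_config_file(CERT_FILENAME, cert)` and the added `os.chmod(cert_abs_name, 0600)`, so unless that helper already creates it with a restrictive mode (not visible here), another local user can open it in that window and keep reading through the open descriptor after the chmod. Tightening the mode before the file is created closes the gap, e.g. `old_umask = os.umask(0077)` ahead of the create call and `os.umask(old_umask)` in a `finally`. The `except OSError` branch also only logs a warning, so the code after the hunk presumably carries on with a secret file that may still be readable by other users; given the existing rule of not running stunnel without a certificate, treating a failed chmod the same way would be the safer default. The enclosing method starts and ends outside the hunk.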