authorNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-05-18 19:13:53 +0300
committerNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-05-18 19:13:53 +0300
commitd0629b2c7d20c32c746cc221e997485d63ee2d71 (patch)
tree00522ba398cc7960eb01348357b55e168ddf2fa1 /src/certtool.gaa
parent8aa3130a523e4b8c4b68d5b0e49db8d9957e6c27 (diff)
downloadgnutls-d0629b2c7d20c32c746cc221e997485d63ee2d71.tar.gz
Use umask to restrict the newly created file's permissions if operating on a private key.
This effectively fixes the issue reported at <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169> and the followups.
Diffstat (limited to 'src/certtool.gaa')
-rw-r--r--src/certtool.gaa14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/certtool.gaa b/src/certtool.gaa
index e5316bc06f..623678405b 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -13,6 +13,7 @@ void certtool_version(void);
helpnode "Certtool help\nUsage: certtool [options]"
+#int privkey_op;
#int action;
option (s, generate-self-signed) { $action=0; } "Generate a self-signed certificate."
@@ -24,7 +25,7 @@ option (generate-crl) { $action=13; } "Generate a CRL."
option (u, update-certificate) { $action=7; } "Update a signed certificate."
-option (p, generate-privkey) { $action=1; } "Generate a private key."
+option (p, generate-privkey) { $privkey_op=1; $action=1; } "Generate a private key."
option (q, generate-request) { $action=3; } "Generate a PKCS #10 certificate request."
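Review bot: Setting `$privkey_op=1` on `generate-privkey` only protects a key file that does not exist yet, because a umask (the mechanism named in the commit message) is applied when a file is created and leaves the mode of an existing file unchanged. The code that reads the flag is outside this diff, so this may already be handled there. If it is not, tightening the mode on the opened output descriptor, e.g. `fchmod(fd, S_IRUSR | S_IWUSR);`, would also cover an output path that already exists with group or world read bits. The umask should also be set before the output file is opened, not just before the key is written.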
@@ -67,12 +68,14 @@ option (p7-info) { $action = 12; } "Print information on a PKCS #7 structure."
option (smime-to-p7) { $action = 15; } "Convert S/MIME to PKCS #7 structure."
-option (k, key-info) { $action = 6; } "Print information on a private key."
+/* on private key operations set $privkey_op to != 0
+ */
+option (k, key-info) { $privkey_op=1; $action = 6; } "Print information on a private key."
-option (pgp-key-info) { $action = 20; } "Print information on a OpenPGP private key."
+option (pgp-key-info) { $privkey_op=1; $action = 20; } "Print information on a OpenPGP private key."
#int fix_key;
-option (fix-key) { $fix_key = 1; } "Regenerate the parameters in a private key."
+option (fix-key) { $privkey_op=1; $fix_key = 1; } "Regenerate the parameters in a private key."
#int v1_cert;
option (v1) { $v1_cert = 1; } "Generate an X.509 version 1 certificate (no extensions)."
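Review bot: The comment `on private key operations set $privkey_op to != 0` sits above `key-info`, after `generate-privkey` has already set the flag in an earlier hunk, and it does not say what the flag controls. I would move it to the `#int privkey_op;` declaration and word it as `/* $privkey_op != 0: the operation may write private key material, so the output file is created with a restrictive umask */`. Because the flag is opt-in per option, any key-handling option that lacks it silently keeps the default permissions. Only four options are marked in this diff, so options outside these hunks that can emit a private key (a PKCS #8 or PKCS #12 export, if the file defines one) should be checked against that list.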
@@ -127,5 +130,6 @@ option (v, version) { certtool_version(); exit(0); } "shows the program's versio
init { $bits = 2048; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
$debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL;
$incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0;
- $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; }
+ $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1;
+ $privkey_op = 0; }