blob: 9f80f76e09447e0175feb3f1be6837df3d8dc914 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From 6bdb22ef951b4b3e83c788fcb20e4dddf8301ad3 Mon Sep 17 00:00:00 2001
From: Jorge Pereira <jpereiran@gmail.com>
Date: Mon, 18 Nov 2019 12:43:29 -0300
Subject: [PATCH] Fix permissions of certs in bootstrap fallback. ref #3132
---
raddb/certs/bootstrap | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/raddb/certs/bootstrap b/raddb/certs/bootstrap
index 0f719aafd4..57de8cf0d7 100755
--- a/raddb/certs/bootstrap
+++ b/raddb/certs/bootstrap
@@ -42,6 +42,7 @@ fi
if [ ! -f server.key ]; then
openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
+ chmod g+r server.key
fi
if [ ! -f ca.key ]; then
@@ -62,11 +63,13 @@ fi
if [ ! -f server.p12 ]; then
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
+ chmod g+r server.p12
fi
if [ ! -f server.pem ]; then
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
openssl verify -CAfile ca.pem server.pem || exit 1
+ chmod g+r server.pem
fi
if [ ! -f ca.der ]; then
@@ -75,6 +78,7 @@ fi
if [ ! -f client.key ]; then
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
+ chmod g+r client.key
fi
if [ ! -f client.crt ]; then
|
