Commit 0e1958b2 authored by Maiken's avatar Maiken

Permission change for hostcert key in TestCA must happen after moving files to...

Permission change for hostcert key in TestCA must happen after moving files to workdir (or use original tmp folder to access files). Also loosening the permission requirements on the host certificate key to avoid unnecessary error in validator.
parent a5cf38b1
......@@ -278,8 +278,8 @@ sub confchecktripel($$$) {
e("The host key '$value' does not exist or is unreadable.\n");
} elsif (! -O $value) {
e("The host key '$value' is not owned by this user.\n");
} elsif (!permcheck($value,0400,0777)) {
e("Permission of '$value' must be 'r--------'\n");
} elsif (!permcheck($value,0400,0777) and !permcheck($value,0600,0777)) {
e("Permission of '$value' must be 'r--------' or 'rw-------'\n");
}
}
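Review bot: The relaxed `elsif` that now accepts both 0400 and 0600 has no comment saying why the second mode is allowed; the reason is only in the commit message. A line above it such as `# 0600 is also accepted: the TestCA control saves host keys as S_IRUSR|S_IWUSR` would stop a later reader from tightening the check back or widening it further. permcheck() is defined outside this hunk, so it is only assumed here that the 0777 mask still rejects any group or other permission bits; it is worth confirming that a key readable by other accounts is still reported. The body of confchecktripel starts and ends outside the hunk.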
......
......@@ -63,9 +63,9 @@ class TestCAControl(ComponentControl):
logger.error('Host certificate for %s is already exists.', hostname)
shutil.rmtree(tmpdir)
sys.exit(1)
os.chmod(os.path.join(workdir, keyfname), stat.S_IRUSR | stat.S_IWUSR)
shutil.move(hostcertfiles.certLocation, os.path.join(workdir, certfname))
shutil.move(hostcertfiles.keyLocation, os.path.join(workdir, keyfname))
os.chmod(os.path.join(workdir, keyfname), stat.S_IRUSR | stat.S_IWUSR)
print('Host certificate and key are saved to {0} and {1} respectively.'.format(certfname, keyfname))
else:
if not args.force:
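Review bot: Between `shutil.move(hostcertfiles.keyLocation, ...)` and the `os.chmod` that now follows it, the private key sits in workdir with whatever mode it had in the temporary directory. How the key file is created is not visible here, but if that mode is wider than owner-only, the key is briefly readable by other local accounts with access to workdir. Restricting the file at its source path closes that window: put `os.chmod(hostcertfiles.keyLocation, stat.S_IRUSR | stat.S_IWUSR)` ahead of the two `shutil.move` calls, since the mode is expected to carry over with the move. The chmod after the move can stay as a backstop. The surrounding method starts and ends outside the hunk.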
......