Set secure umask when generating key

2018-02-08 17:58:12 -05:00 · 2018-02-08 17:58:12 -05:00 · a8a5672c34
commit a8a5672c34
parent 78915896d5
1 changed files with 10 additions and 7 deletions
--- a/acme.sh
+++ b/acme.sh
@ -979,6 +979,8 @@ _createkey() {
    fi
  fi

+  (
+    umask 0077
    if _isEccKey "$length"; then
      _debug "Using ec name: $eccname"
      ${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null >"$f"
@ -986,6 +988,7 @@ _createkey() {
      _debug "Using RSA: $length"
      ${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null >"$f"
    fi
+  )

  if [ "$?" != "0" ]; then
    _err "Create key error."