Change permissions on SSL keys to 640
This tightens the permissions on the SSL keys stored in /etc/apache2/ssl/<service> so that they are no longer world-readable. Change-Id: I0951deff4ec95b1fc7f4389dc083c8957f8db6f0 Closes-Bug: #1761305
parent
92f5248a07
commit
6470d6dd2c
|
@ -797,9 +797,9 @@ class ApacheSSLContext(OSContextGenerator):
|
|||
key_filename = 'key'
|
||||
|
||||
write_file(path=os.path.join(ssl_dir, cert_filename),
|
||||
content=b64decode(cert))
|
||||
content=b64decode(cert), perms=0o640)
|
||||
write_file(path=os.path.join(ssl_dir, key_filename),
|
||||
content=b64decode(key))
|
||||
content=b64decode(key), perms=0o640)
|
||||
|
||||
def configure_ca(self):
|
||||
ca_cert = get_ca_cert()
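Review bot: Neither `write_file` call in this hunk passes `owner` or `group`, so which accounts the new `0o640` admits depends on `write_file`'s defaults, which are not visible here. The certificate is public material, so the mode that matters is the one on `key_filename`. If only the file owner needs to read the private key, it could be tighter than the certificate, e.g. `content=b64decode(key), perms=0o600)`. Otherwise, pass the owner and group explicitly so the access model is readable at the call site. The enclosing method starts above the hunk.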
|
||||
|
|
|
@ -94,10 +94,10 @@ class SSLContext(context.ApacheSSLContext):
|
|||
|
||||
write_file(path=os.path.join(self.ssl_dir, 'cert_{}'.format(cn)),
|
||||
content=cert, owner=SSH_USER, group=KEYSTONE_USER,
|
||||
perms=0o644)
|
||||
perms=0o640)
|
||||
write_file(path=os.path.join(self.ssl_dir, 'key_{}'.format(cn)),
|
||||
content=key, owner=SSH_USER, group=KEYSTONE_USER,
|
||||
perms=0o644)
|
||||
perms=0o640)
|
||||
|
||||
def configure_ca(self):
|
||||
from keystone_utils import (
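Review bot: The new mode only takes effect when this method next writes the files, so a `key_{cn}` file created at `0o644` by an earlier revision presumably stays world-readable until this code runs again on the unit. It was also readable by every local account up to that point. A comment next to the call would record this, e.g. `# 0o640: key readable by SSH_USER and the KEYSTONE_USER group only; keys previously written 0o644 should be re-issued if local accounts are not trusted`. The same applies to the key written in the ApacheSSLContext hunk. The enclosing method starts above the hunk.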
|
||||
|
|