author | Andrew Cady <d@jerkface.net> | 2016-05-01 00:15:54 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-05-01 00:16:03 -0400 |
commit | 1a03d33cb840b5484f5d3f0954e29643332d5993 (patch) | |
tree | 2e699a75662a31217fd136918b3616b352832264 | |
parent | 3f29357ec3b42450a01ef58d20df1534bf126466 (diff) |
ensure created certs have proper permissions
-rw-r--r-- | acme-certify.hs | 15 |
1 files changed, 13 insertions, 2 deletions
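--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -409,8 +409,19 @@ saveCertificate :: X509 -> Maybe DHP -> Keys -> CertSpec -> X509 -> IO ()
 saveCertificate issuerCert dh domainKeys cs = saveBoth
 where
 saveBoth x509 = savePEM x509 >> saveCombined x509
-saveCombined = combinedCert issuerCert dh domainKeys >=> writeFile (domainCombinedFile cs)
-savePEM = writeX509 >=> writeFile (domainCertFile cs)
+saveCombined = combinedCert issuerCert dh domainKeys >=> writePrivateFile (domainCombinedFile cs)
+savePEM = writeX509 >=> writePrivateFile (domainCertFile cs)
+
+writePrivateFile :: FilePath -> String -> IO ()
+writePrivateFile fn content = do
+touchFile fn
+setPermissions fn privatePerms
+writeFile fn content
+where
+privatePerms = emptyPermissions & setOwnerReadable True & setOwnerWritable True
+
+touchFile :: FilePath -> IO ()
+touchFile fn = writeFile fn ""
 
 domainDhFile :: CertSpec -> FilePath
 domainDhFile CertSpec{..} = csCertificateDir </> "dhparams.pem"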
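Review bot: `writePrivateFile` creates the file through `touchFile` with whatever mode the umask allows and only narrows it afterwards, and if `setPermissions` here is the one from System.Directory it may not narrow it at all: on POSIX that function adjusts only the owner bits in the versions I know of (worth confirming for the directory release in use), so group/other read bits set at creation would survive. Because `saveCombined` appears to write material derived from `domainKeys`, setting the exact mode is safer, for example `setFileMode fn (unionFileModes ownerReadMode ownerWriteMode)` from System.Posix.Files in place of the `setPermissions` line. A target that already exists with a wider mode can also be held open by a reader from before the mode change, so creating a fresh file with mode 0600 in the same directory and renaming it over the target would cover that case as well. A one-line comment on `writePrivateFile` such as `-- file must be owner-only (0600) before any content is written` would make the ordering requirement explicit.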