RT2547: Tighten perms on generated privkey files

When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
author: Rich Salz <rsalz@akamai.com> 2015-05-02 10:01:33 -0400
committer: Rich Salz <rsalz@openssl.org> 2015-06-15 18:26:56 -0400
commit: 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee (patch)
tree: 0389af5c46f6c56ab6f88c737f55aa07493dfd39 /CHANGES
parent: d31fb0b5b341aa7883b487d07e6a56d216224e25 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 6faf64424a..fae11230fc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -41,6 +41,10 @@
      code and the associated standard is no longer considered fit-for-purpose.
      [Matt Caswell]
 
+  *) RT2547 was closed.  When generating a private key, try to make the
+     output file readable only by the owner.  This behavior change might
+     be noticeable when interacting with other software.
+
   *) Added HTTP GET support to the ocsp command.
      [Rich Salz]
author	Rich Salz <rsalz@akamai.com>	2015-05-02 10:01:33 -0400
committer	Rich Salz <rsalz@openssl.org>	2015-06-15 18:26:56 -0400
commit	3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee (patch)
tree	0389af5c46f6c56ab6f88c737f55aa07493dfd39 /CHANGES
parent	d31fb0b5b341aa7883b487d07e6a56d216224e25 (diff)