RT2547: Tighten perms on generated privkey files When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

commit: 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee [log] [tgz]
author: Rich Salz <rsalz@akamai.com> Sat May 02 10:01:33 2015 -0400
committer: Rich Salz <rsalz@openssl.org> Mon Jun 15 18:26:56 2015 -0400
tree: 0389af5c46f6c56ab6f88c737f55aa07493dfd39
parent: d31fb0b5b341aa7883b487d07e6a56d216224e25 [diff] [blame]
diff --git a/CHANGES b/CHANGES
index 6faf644..fae1123 100644
--- a/CHANGES
+++ b/CHANGES

@@ -41,6 +41,10 @@
      code and the associated standard is no longer considered fit-for-purpose.
      [Matt Caswell]
 
+  *) RT2547 was closed.  When generating a private key, try to make the
+     output file readable only by the owner.  This behavior change might
+     be noticeable when interacting with other software.
+
   *) Added HTTP GET support to the ocsp command.
      [Rich Salz]
commit	3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee	[log] [tgz]
author	Rich Salz <rsalz@akamai.com>	Sat May 02 10:01:33 2015 -0400
committer	Rich Salz <rsalz@openssl.org>	Mon Jun 15 18:26:56 2015 -0400
tree	0389af5c46f6c56ab6f88c737f55aa07493dfd39
parent	d31fb0b5b341aa7883b487d07e6a56d216224e25 [diff] [blame]