Commit 88828491 authored by Michael Hanselmann's avatar Michael Hanselmann

bootstrap: Don't leak file descriptor when generating SSL certificate


Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent 6096ee13
......@@ -79,24 +79,27 @@ def _GenerateSelfSignedSslCert(file_name, validity=(365 * 5)):
"""
(fd, tmp_file_name) = tempfile.mkstemp(dir=os.path.dirname(file_name))
try:
# Set permissions before writing key
os.chmod(tmp_file_name, 0600)
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
"-days", str(validity), "-nodes", "-x509",
"-keyout", tmp_file_name, "-out", tmp_file_name,
"-batch"])
if result.failed:
raise errors.OpExecError("Could not generate SSL certificate, command"
" %s had exitcode %s and error message %s" %
(result.cmd, result.exit_code, result.output))
# Make read-only
os.chmod(tmp_file_name, 0400)
os.rename(tmp_file_name, file_name)
try:
# Set permissions before writing key
os.chmod(tmp_file_name, 0600)
result = utils.RunCmd(["openssl", "req", "-new", "-newkey", "rsa:1024",
"-days", str(validity), "-nodes", "-x509",
"-keyout", tmp_file_name, "-out", tmp_file_name,
"-batch"])
if result.failed:
raise errors.OpExecError("Could not generate SSL certificate, command"
" %s had exitcode %s and error message %s" %
(result.cmd, result.exit_code, result.output))
# Make read-only
os.chmod(tmp_file_name, 0400)
os.rename(tmp_file_name, file_name)
finally:
utils.RemoveFile(tmp_file_name)
finally:
utils.RemoveFile(tmp_file_name)
os.close(fd)
def _InitGanetiServerSetup():
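Review bot: The openssl call in the re-indented inner `try` still requests `"-newkey", "rsa:1024"`, and a 1024-bit RSA key is too weak for a certificate whose default validity in the signature is five years; the line to change is `"-newkey", "rsa:2048",` (or larger). In the visible lines the descriptor from `mkstemp` is never written to before `os.close(fd)`, so it could be closed immediately after `mkstemp`, which would remove the need for the nested `try`/`finally`. The rendered page has lost indentation and the +/- markers, so the pairing of each `finally` with its `try` is inferred from the commit title, and the function's docstring begins outside the hunk.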
......