diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-24 21:01:12 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-24 21:32:01 +0100 |
| commit | c612a7ff44995f4f9c39fa0fb68470d90c88decf (patch) | |
| tree | 4b0a3fd2c44dbc25653a93b7ec692a003f0e133b /Changelog | |
| parent | cdd025133a306cd8d3e81aa832ac056119d65f3a (diff) | |
lacme: Default mode for certificate(-chain) creation is 0644 minus umask restrictions.
Also, always spawn the client with umask 0022 so a starting lacme(8)
with a restrictive umask doesn't impede serving challenge response
files.
Diffstat (limited to 'Changelog')
| -rw-r--r-- | Changelog | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -3,6 +3,10 @@ lacme (0.8.1) upstream; + lacme-accountd: improve log messages and refactor logging logic. + lacme-accountd: refuse to sign JWS with an invalid Protected Header. + lacme: don't write certificate(-chain) file on chown/chmod failure. + + lacme: default mode for certificate(-chain) creation is 0644 minus + umask restrictions. Also, always spawn the client with umask 0022 so + a starting lacme(8) with a restrictive umask doesn't impede serving + challenge files. - lacme: in the [accountd] config, let lacme-accountd(1) do the %-expansion for 'config', not lacme(8) when building the command. - lacme-accountd: don't log debug messages unless --debug is set. |