authorGuilhem Moulin <guilhem@fripost.org>2021-02-24 21:01:12 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-24 21:32:01 +0100
commitc612a7ff44995f4f9c39fa0fb68470d90c88decf (patch)
tree4b0a3fd2c44dbc25653a93b7ec692a003f0e133b /client
parentcdd025133a306cd8d3e81aa832ac056119d65f3a (diff)
lacme: Default mode for certificate(-chain) creation is 0644 minus umask restrictions.
Also, always spawn the client with umask 0022 so a starting lacme(8) with a restrictive umask doesn't impede serving challenge response files.
Diffstat (limited to 'client')
-rwxr-xr-xclient3
1 files changed, 2 insertions, 1 deletions
diff --git a/client b/client
index 6438f6a..33189d3 100755
--- a/client
+++ b/client
@@ -338,7 +338,8 @@ elsif ($COMMAND eq 'newOrder') {
my $keyAuthorization = $challenge->{token}.'.'.$JWK_thumbprint;
# serve $keyAuthorization at http://$domain/.well-known/acme-challenge/$challenge->{token}
- if (sysopen(my $fh, $challenge->{token}, O_CREAT|O_EXCL|O_WRONLY, 0644)) {
+ if (sysopen(my $fh, $challenge->{token}, O_CREAT|O_EXCL|O_WRONLY)) {
+ # note: the file is created mode 0666 minus umask restrictions
$fh->print($keyAuthorization);
$fh->close() or die "close: $!";
} elsif ($! == EEXIST) {
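Review bot: Dropping the explicit mode from the new `sysopen` line removes the 0644 upper bound on the challenge file, so its permissions now depend entirely on the umask the client inherits. The commit message says lacme(8) spawns the client with umask 0022, but that code is not in this file; under a more permissive umask (0002 or 0000) the file would be created group- or world-writable, although it only ever needs to be readable by the web server. Keeping `O_CREAT|O_EXCL|O_WRONLY, 0644` yields the same mode under umask 0022 while preserving least privilege; otherwise extend the comment to something like `# note: created 0666 minus umask; lacme(8) spawns us with umask 0022, so 0644 in practice`. Because `$challenge->{token}` comes from the ACME server and is used directly as a file name, it is also worth confirming above the hunk that it is restricted to the base64url alphabet before this call; the enclosing `elsif` block starts and ends outside the hunk.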