From c612a7ff44995f4f9c39fa0fb68470d90c88decf Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 24 Feb 2021 21:01:12 +0100
Subject: lacme: Default mode for certificate(-chain) creation is 0644 minus
 umask restrictions.

Also, always spawn the client with umask 0022 so a starting lacme(8)
with a restrictive umask doesn't impede serving challenge response
files.
---
 Changelog | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index 2a027f1..f7f11f6 100644
--- a/Changelog
+++ b/Changelog
@@ -3,6 +3,10 @@ lacme (0.8.1) upstream;
  + lacme-accountd: improve log messages and refactor logging logic.
  + lacme-accountd: refuse to sign JWS with an invalid Protected Header.
  + lacme: don't write certificate(-chain) file on chown/chmod failure.
+ + lacme: default mode for certificate(-chain) creation is 0644 minus
+   umask restrictions.  Also, always spawn the client with umask 0022 so
+   a starting lacme(8) with a restrictive umask doesn't impede serving
+   challenge files.
  - lacme: in the [accountd] config, let lacme-accountd(1) do the
    %-expansion for 'config', not lacme(8) when building the command.
  - lacme-accountd: don't log debug messages unless --debug is set.
-- 
cgit v1.2.3