forks/molly-brown
1
0
Fork 0
Code Releases Activity

Refuse to use a world-readable TLS key.

Browse source
This commit is contained in:
Solderpunk 2023-02-07 19:23:35 +01:00
parent c0d0c0991c
commit 16bf8e0534
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
main.go
View file

@ -64,6 +64,16 @@ func main() {
} }
// Read TLS files, create TLS config // Read TLS files, create TLS config
// Check key file permissions first
info, err := os.Stat(config.KeyPath)
if err != nil {
errorLog.Println("Error opening TLS key file: " + err.Error())
log.Fatal(err)
}
if uint64(info.Mode().Perm())&0444 == 0444 {
errorLog.Println("Refusing to use world-readable TLS key file " + config.KeyPath)
os.Exit(0)
}
cert, err := tls.LoadX509KeyPair(config.CertPath, config.KeyPath) cert, err := tls.LoadX509KeyPair(config.CertPath, config.KeyPath)
if err != nil { if err != nil {
errorLog.Println("Error loading TLS keypair: " + err.Error()) errorLog.Println("Error loading TLS keypair: " + err.Error())