685 if #arg >= 1 and arg[1] ~= "--help" then |
685 if #arg >= 1 and arg[1] ~= "--help" then |
686 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; |
686 local key_filename = (CFG_DATADIR or ".") .. "/" .. arg[1] .. ".key"; |
687 if ask_overwrite(key_filename) then |
687 if ask_overwrite(key_filename) then |
688 return nil, key_filename; |
688 return nil, key_filename; |
689 end |
689 end |
690 os.remove(key_filename); -- We chmod this file to not have write permissions |
690 os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions |
691 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); |
691 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048); |
|
692 local old_umask = pposix.umask("0377"); |
692 if openssl.genrsa{out=key_filename, key_size} then |
693 if openssl.genrsa{out=key_filename, key_size} then |
693 os.execute(("chmod 400 '%s'"):format(key_filename)); |
694 os.execute(("chmod 400 '%s'"):format(key_filename)); |
694 show_message("Key written to ".. key_filename); |
695 show_message("Key written to ".. key_filename); |
|
696 pposix.umask(old_umask); |
695 return nil, key_filename; |
697 return nil, key_filename; |
696 end |
698 end |
697 show_message("There was a problem, see OpenSSL output"); |
699 show_message("There was a problem, see OpenSSL output"); |
698 else |
700 else |
699 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n " |
701 show_usage("cert key HOSTNAME <bits>", "Generates a RSA key named HOSTNAME.key\n " |
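Review bot: The restrictive umask is restored only on the success path: `pposix.umask(old_umask)` at new line 696 sits inside the `if openssl.genrsa{...}` branch, so a failed key generation falls through to the "There was a problem" message with the process still at umask 0377. Any file created afterwards in the same process would then lack owner write permission, which matters if this function is called from a longer command rather than just before exit (the callers are not visible here). Capturing the result and restoring before branching avoids that: `local ok = openssl.genrsa{out=key_filename, key_size};` `pposix.umask(old_umask);` `if ok then`. A comment on the umask line, such as `-- create the key owner-read-only from the start; chmod below is a fallback`, would record why both the umask and the chmod are kept. The enclosing function starts before this hunk and its else branch continues past it.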