Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Valdate certificate before overwriting #9

Merged
merged 2 commits into from Sep 7, 2019

Conversation

@ganto
Copy link
Owner

commented Sep 7, 2019

So far the acme-tiny output has been overwriting existing certificates during execution. This resulted in an empty file if the command failed. This meant that a valid certificate was replaced with an empty file resulting in a denial of service on restart of most TLS services depending on that certificate.

Now we will write the new certificate in a temporary file, validate it to be a x509 certificate and then only overwrite the old certificate. Additionally a backup copy of the old certificate is made by default.

@ganto ganto merged commit d63c8d0 into master Sep 7, 2019
2 checks passed
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.