Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generated SSL certificate files should only be readable by owner. #8510

Merged
merged 3 commits into from Dec 19, 2016
Merged

Generated SSL certificate files should only be readable by owner. #8510

merged 3 commits into from Dec 19, 2016

Conversation

srbaker
Copy link
Contributor

@srbaker srbaker commented Dec 13, 2016
edited by spacecowboy

Before

$ bin/neo4j console
WARNING: Max 1024 open files allowed, minimum of 40 000 recommended. See the Neo4j manual.
Starting Neo4j Server console-mode...
2016-12-13 14:39:03.450+0100 INFO  No SSL certificate found, generating a self-signed certificate..
2016-12-13 14:39:07.268+0100 INFO  Successfully started database
2016-12-13 14:39:07.299+0100 INFO  Starting HTTP on port 7474 (4 threads available)
2016-12-13 14:39:07.497+0100 INFO  Enabling HTTPS on port 7473
2016-12-13 14:39:07.569+0100 INFO  Mounting static content at /webadmin
2016-12-13 14:39:07.621+0100 INFO  Mounting static content at /browser
2016-12-13 14:39:08.598+0100 INFO  Remote interface ready and available at http://localhost:7474/
^C2016-12-13 14:39:28.383+0100 INFO  Neo4j Server shutdown initiated by request
2016-12-13 14:39:28.393+0100 INFO  Successfully shutdown Neo4j Server
2016-12-13 14:39:28.505+0100 INFO  Successfully stopped database
2016-12-13 14:39:28.505+0100 INFO  Successfully shutdown database
$ ls -l conf/ssl
total 8
-rw-r--r-- 1 srbaker srbaker 631 Dec 13 14:39 snakeoil.cert
-rw-r--r-- 1 srbaker srbaker 912 Dec 13 14:39 snakeoil.key

After

$ bin/neo4j console
WARNING: Max 1024 open files allowed, minimum of 40 000 recommended. See the Neo4j manual.
Starting Neo4j Server console-mode...
2016-12-13 14:47:02.547+0100 INFO  No SSL certificate found, generating a self-signed certificate..
2016-12-13 14:47:06.039+0100 INFO  Successfully started database
2016-12-13 14:47:06.063+0100 INFO  Starting HTTP on port 7474 (4 threads available)
2016-12-13 14:47:06.269+0100 INFO  Enabling HTTPS on port 7473
2016-12-13 14:47:06.327+0100 INFO  Mounting static content at /webadmin
2016-12-13 14:47:06.371+0100 INFO  Mounting static content at /browser
2016-12-13 14:47:07.399+0100 INFO  Remote interface ready and available at http://localhost:7474/
^C2016-12-13 14:47:13.193+0100 INFO  Neo4j Server shutdown initiated by request
2016-12-13 14:47:13.204+0100 INFO  Successfully shutdown Neo4j Server
2016-12-13 14:47:13.452+0100 INFO  Successfully stopped database
2016-12-13 14:47:13.452+0100 INFO  Successfully shutdown database
$ ls -l conf/ssl/
total 8
-rw------- 1 srbaker srbaker 631 Dec 13 14:47 snakeoil.cert
-rw------- 1 srbaker srbaker 916 Dec 13 14:47 snakeoil.key

changelog [security]

@spacecowboy spacecowboy self-requested a review December 13, 2016 13:52
spacecowboy
spacecowboy approved these changes Dec 13, 2016
View reviewed changes
Copy link
Contributor

@spacecowboy spacecowboy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

@spacecowboy
Copy link
Contributor

Test failure is unrelated to this PR and seems to be something flaky at that.

@srbaker srbaker merged commit a834ba6 into neo4j:2.3 Dec 19, 2016
@srbaker srbaker deleted the 2.3-more-restrictive-permissions-on-generated-certificates branch December 19, 2016 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spacecowboy spacecowboy spacecowboy approved these changes

Assignees
No one assigned
Labels
2.3 changelog operability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@srbaker @spacecowboy