Re: Relaxing SSL key permission checks

Re: Peter Eisentraut 2016-03-16 <56E8C221.1050206@gmx.net>
> >> * it failed to check for S_IXUSR, so permissions 0700 were okay, in
> >> contradiction with what the error message indicates.  This is a
> >> preexisting bug actually.  Do we want to fix it by preventing a
> >> user-executable file (possibly breaking compability with existing
> >> executable key files), or do we want to document what the restriction
> >> really is?
> > 
> > I think we should not check for S_IXUSR.  There is no reason for doing that.
> > 
> > I can imagine that key files are sometimes copied around using USB
> > drives with FAT file systems or other means of that sort where
> > permissions can scrambled.  While I hate gratuitous executable bits as
> > much as the next person, insisting here would just create annoyances in
> > practice.
> 
> I'm happy with this patch except this minor point.  Any final comments?

I'm fine with that change.

Do you want me to update the patch or do you already have a new
version, given it's marked as Ready for Committer?

Christoph
-- 
cb@df7cb.de | http://www.df7cb.de/