On Tue, Feb 13, 2024 at 08:44:41PM +0100, Ilya Maximets wrote:
> The output file of this openssl command is a certificate signed with
> pre-existing private key. It doesn't create a private key. The
> restricted permissions are explicitly removed from the resulted
> certificate right after its generation. So, there is no point in
> creating it with restricted permissions in the first place.
>
> Fixes: 99e5e05db37a ("ovs-pki: Create private keys with restricted
> permissions.")
> Signed-off-by: Ilya Maximets <[email protected]>
Hi Ilya,
I'm fine with this change, and agree with the explanation provided.
However, it is not clear to me that this is a fix, for which
my working definition is a user-visible problem, usually at run-time.
That notwithstanding, feel free to add.
Acked-by: Simon Horman <[email protected]>
...
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
