首頁 探索 說明
註冊 登入
Apq
/
acme.sh
镜像来自 https://github.com/acmesh-official/acme.sh.git
1
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

haproxy: don't leak private keys when doing --debug

It was reported in issue #6267 that the private key was leaked when
using the DEPLOY_HAPROXY_HOT_UPDATE=yes feature.

Indeed, the debugging code which sends commands to HAProxy was using
_debug even when passing the private key.

This patch fixes the issue by using _secure_debug when doing that.
William Lallemand 7 月之前
父節點
45660902ed
當前提交
7e320d2748
共有 1 個文件被更改,包括 1 次插入1 次删除
分割檢視 顯示文件統計
  1. 1 1
      deploy/haproxy.sh

+ 1 - 1
deploy/haproxy.sh
查看文件 

@@ -357,7 +357,7 @@ haproxy_deploy() {
 
         _info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
 
       fi
 
       _socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
 
-      _debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
 
+      _secure_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
 
       eval "${_socat_cert_set_cmd}"
 
       _ret=$?
 
       if [ "${_ret}" != "0" ]; then