From 0cd3f3c5a18371052e9df47c0232135552d96305 Mon Sep 17 00:00:00 2001
From: Ian Gulliver <flamingcow@google.com>
Date: Fri, 2 Sep 2016 20:52:11 -0700
Subject: [PATCH] Make keys world-readable, since they're not only used by root

---
 server/modules/certclient.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/modules/certclient.py b/server/modules/certclient.py
index 4566704..97fbac3 100755
--- a/server/modules/certclient.py
+++ b/server/modules/certclient.py
@@ -116,7 +116,7 @@ SUBJECT="$(echo '%(subject)s' | sed s/SYSTEMID/$(hostname)/g)"
 
 if test ! -s "${KEY}"; then
   openssl ecparam -name secp384r1 -genkey | openssl ec -out "${KEY}"
-  chmod 0400 "${KEY}"
+  chmod 0444 "${KEY}"
 fi
 
 chvt 9