From 3a7e4edaebda970bdc5c9714997ea86900de0e53 Mon Sep 17 00:00:00 2001
From: Thomas Preud'homme
Date: Sun, 11 May 2014 14:23:45 +0800
Subject: [PATCH] [ssl_mgmt] Only set ownership & rights if gen ok
Only set ownership and rights if generated file are not corrupted and certificate match the private key.
---
 ssl_mgmt/ssl_mgmt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ssl_mgmt/ssl_mgmt b/ssl_mgmt/ssl_mgmt
index abbee11..5b3ce87 100755
--- a/ssl_mgmt/ssl_mgmt
+++ b/ssl_mgmt/ssl_mgmt
@@ -299,8 +299,6 @@ generate_cert ()
 openssl ca -batch -config $opensslCnfFile -cert $CACertPath \
 -keyfile $CAKeyPath -passin file:$rootCAPwdPath \
 -out $certSubdir/$certFile -infiles $csrSubdir/$reqFile
- getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
- chown --reference="$certPath" $certSubdir/$certFile
 # Safety check
 if ! openssl x509 -noout -text -in $certSubdir/$certFile >/dev/null 2>&1 ||
@@ -327,6 +325,8 @@ generate_cert ()
 fi
 # Notify and install the new certificate
+ getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
+ chown --reference="$certPath" $certSubdir/$certFile
 if [ -z "$no_overwrite" ]
 then
 if [ ! -f "$certDestDir/$certFile" ]
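Review bot: In the second hunk (`@@ -327,6 +325,8 @@`), the relocated `getfacl … | setfacl` and `chown` lines run unchecked, so if either fails the code below still installs a certificate that keeps the ownership and permissions `openssl ca` created it with. The target path is also unquoted while `"$certPath"` is quoted; I would write `getfacl "$certPath" | setfacl --set-file=- "$certSubdir/$certFile"` and `chown --reference="$certPath" "$certSubdir/$certFile"`, and test both for failure before the install step. Unless the shell runs with `pipefail`, the pipeline's status reflects only `setfacl`, so a missing or unreadable `$certPath` may need its own test. `generate_cert` starts before and continues past this hunk, so whether `$certPath` always exists at this point cannot be confirmed from here.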