signalk-ssl 0.2.1 → 0.2.2

@@ -8,6 +8,7 @@ export declare const defaultTargets: (configPath: string) => InstallTargets;
8
8
  * Atomically install the leaf certificate, key, and chain into the paths
9
9
  * signalk-server reads at boot (`${configPath}/ssl-cert.pem`,
10
10
  * `ssl-key.pem`, `ssl-chain.pem`). signalk-server enforces strict perms on
11
- * the key file (refuses to start if it's group/world-readable).
11
+ * both files (refuses to start if either is group/world-readable; see
12
+ * `hasStrictPermissions` in signalk-server's `src/security.ts`).
12
13
  */
13
14
  export declare const installCerts: (targets: InstallTargets, leafPem: string, leafKeyPem: string, caPem: string) => Promise<void>;
@@ -1,7 +1,7 @@
1
1
  import { chmod, mkdir, rename, writeFile } from 'node:fs/promises';
2
2
  import { dirname, join } from 'node:path';
3
3
  const PEM_KEY_MODE = 0o600;
4
- const PEM_CERT_MODE = 0o644;
4
+ const PEM_CERT_MODE = 0o600;
5
5
  export const defaultTargets = (configPath) => ({
6
6
  certPath: join(configPath, 'ssl-cert.pem'),
7
7
  keyPath: join(configPath, 'ssl-key.pem'),
@@ -19,7 +19,8 @@ const atomicWrite = async (path, data, mode, pid = process.pid) => {
19
19
  * Atomically install the leaf certificate, key, and chain into the paths
20
20
  * signalk-server reads at boot (`${configPath}/ssl-cert.pem`,
21
21
  * `ssl-key.pem`, `ssl-chain.pem`). signalk-server enforces strict perms on
22
- * the key file (refuses to start if it's group/world-readable).
22
+ * both files (refuses to start if either is group/world-readable; see
23
+ * `hasStrictPermissions` in signalk-server's `src/security.ts`).
23
24
  */
24
25
  export const installCerts = async (targets, leafPem, leafKeyPem, caPem) => {
25
26
  // mkdir every distinct parent directory. defaultTargets() puts all three
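Review bot: Lowering `PEM_CERT_MODE` to `0o600` only governs certificates written from this version on; nothing in the visible hunks re-applies the mode to an `ssl-cert.pem` that 0.2.1 already installed as `0o644`, so an upgraded host may keep a cert that signalk-server rejects until `installCerts` runs again. The bodies of `atomicWrite` and `installCerts` lie outside these hunks, so this may already be handled there; if it is not, a one-time `await chmod(targets.certPath, PEM_CERT_MODE)` at plugin start, when the file exists, would close the gap. The updated comment also says "both files" right after naming three paths (`ssl-cert.pem`, `ssl-key.pem`, `ssl-chain.pem`), here and in the declaration-file hunk. Presumably it means the cert and the key, so I would write `* the cert and key files (refuses to start if either is group/world-readable; see` and add a line stating which mode the chain file is written with.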
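--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "signalk-ssl",
- "version": "0.2.1",
+ "version": "0.2.2",
  "description": "SSL/TLS certificate management plugin for SignalK Node Server — generate a local CA, issue server certs, distribute the root via QR to phones/tablets",
  "type": "module",
  "main": "dist/plugin/index.js",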