std.http.Client: change ssl key log creation permission bits

This is the same mode used by openssh for private keys. This does not change the mode of an existing file, so users who need something different can pre-create the file with their designed permissions or change them after the fact, and running another process that writes to the key log will not change it back.
ziglang · Nov 8, 2024 · 9373abf · 9373abf
1 parent 75adba7
commit 9373abf
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/lib/std/http/Client.zig b/lib/std/http/Client.zig
@@ -1361,7 +1361,13 @@ pub fn connectTcp(client: *Client, host: []const u8, port: u16, protocol: Connec
                 error.OutOfMemory => return error.OutOfMemory,
             };
             defer client.allocator.free(ssl_key_log_path);
-            break :ssl_key_log_file std.fs.cwd().createFile(ssl_key_log_path, .{ .truncate = false }) catch null;
+            break :ssl_key_log_file std.fs.cwd().createFile(ssl_key_log_path, .{
+                .truncate = false,
+                .mode = switch (builtin.os.tag) {
+                    .windows, .wasi => 0,
+                    else => 0o600,
+                },
+            }) catch null;
         } else null;
         errdefer if (ssl_key_log_file) |key_log_file| key_log_file.close();