RT1369: don't do "helpful" access check.

Don't do access check on destination directory; it breaks when euid/egid
is different from real uid/gid.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Signed-off-by: Rich Salz <rsalz@akamai.com>

diff --git a/apps/ca.c b/apps/ca.c
index 2f43a9bc7f89542d672901a8a8fc9f4b6f69761c..b6cf47f0f2eaebf486841428a4ed90b0e396ef76 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -703,24 +703,13 @@ end_of_options:
 #ifndef OPENSSL_SYS_VMS
         /*
          * outdir is a directory spec, but access() for VMS demands a
 #ifndef OPENSSL_SYS_VMS
         /*
          * outdir is a directory spec, but access() for VMS demands a

-         * filename.  In any case, stat(), below, will catch the problem if
-         * outdir is not a directory spec, and the fopen() or open() will
-         * catch an error if there is no write access.
-         *
-         * Presumably, this problem could also be solved by using the DEC C
-         * routines to convert the directory syntax to Unixly, and give that
-         * to access().  However, time's too short to do that just now.
+         * filename.  We could use the DEC C routine to convert the
+         * directory syntax to Unixly, and give that to app_isdir,
+         * but for now the fopen will catch the error if it's not a
+         * directory

          */
          */

-        if (app_access(outdir, R_OK | W_OK | X_OK) != 0)
-        {
-            BIO_printf(bio_err, "I am unable to access the %s directory\n",
-                       outdir);
-            perror(outdir);
-            goto end;
-        }
-

         if (app_isdir(outdir) <= 0) {
         if (app_isdir(outdir) <= 0) {

-            BIO_printf(bio_err, "%s need to be a directory\n", outdir);
+            BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir);

             perror(outdir);
             goto end;
         }
             perror(outdir);
             goto end;
         }