Using ssl.wrap_socket() in chroot jail

From Grant Edwards <invalid@invalid.invalid>
Newsgroups comp.lang.python
Subject Using ssl.wrap_socket() in chroot jail
Date 2014-05-07 15:42 +0000
Organization PANIX Public Access Internet and UNIX, NYC
Message-ID <lkdk9l$le3$1@reader1.panix.com>


Let's say you have a server/daemon application written in Python that
accepts incoming SSL connections.

You want to run that application in a chroot jail.  

The last thing you want in that jail is your SSL certificate private
key file.

But, it appears the ssl module won't accept SSL certificates and keys
as data strings, or as stringio file objects.  It will only accept a
filename, and it has to open/read that file every time a connection is
accepted.

So how do you avoid having your certificate key file sitting, readable,
in the chroot jail?

-- 
Grant Edwards               grant.b.edwards        Yow! An Italian is COMBING
                                  at               his hair in suburban DES
                              gmail.com            MOINES!
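
An added example, not part of the original post or thread: on Python versions that provide `ssl.SSLContext`, `load_cert_chain()` reads the certificate and key files once, so a daemon can load them before `chroot()` and keep the key file outside the jail. The function names, paths, port and numeric ids below are assumptions for illustration.

```python
import os
import socket
import ssl


def jailed_tls_context(certfile, keyfile, jail_dir, uid, gid):
    """Load the key pair, then chroot and drop root. Returns the SSLContext."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # The only point where the key file is opened: OpenSSL parses it here and
    # keeps the key in this process's memory, inside the context object.
    ctx.load_cert_chain(certfile, keyfile)

    # From here on the key file is no longer reachable by path.
    os.chroot(jail_dir)
    os.chdir("/")
    # Drop root in this order: supplementary groups, gid, then uid.
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    return ctx


def serve(listener, ctx):
    """Accept loop: each handshake uses the in-memory key, no file access."""
    while True:
        conn, _peer = listener.accept()
        try:
            with ctx.wrap_socket(conn, server_side=True) as tls:
                tls.sendall(b"hello from inside the jail\n")
        except (ssl.SSLError, OSError):
            conn.close()  # failed handshake or dropped client; keep serving


if __name__ == "__main__":
    # Hypothetical paths and ids; the process must be started as root.
    listener = socket.create_server(("0.0.0.0", 8443))  # bind before the jail
    ctx = jailed_tls_context("/etc/myapp/server.crt", "/etc/myapp/server.key",
                             "/var/empty/myapp", uid=65534, gid=65534)
    serve(listener, ctx)
```

The private key still lives in the jailed process's memory; what this removes is a readable key file inside the jail.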


Thread

Using ssl.wrap_socket() in chroot jail Grant Edwards <invalid@invalid.invalid> - 2014-05-07 15:42 +0000
  Re: Using ssl.wrap_socket() in chroot jail Chris Angelico <rosuav@gmail.com> - 2014-05-08 02:04 +1000
  Re: Using ssl.wrap_socket() in chroot jail Christian Heimes <christian@python.org> - 2014-05-07 20:11 +0200
    Re: Using ssl.wrap_socket() in chroot jail Grant Edwards <invalid@invalid.invalid> - 2014-05-07 18:51 +0000
      Re: Using ssl.wrap_socket() in chroot jail Chris Angelico <rosuav@gmail.com> - 2014-05-08 12:12 +1000
        Re: Using ssl.wrap_socket() in chroot jail Grant Edwards <invalid@invalid.invalid> - 2014-05-08 13:31 +0000