Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #71098

Re: Using ssl.wrap_socket() in chroot jail

Show all headers | View raw

On 2014-05-08, Chris Angelico <rosuav@gmail.com> wrote:
> On Thu, May 8, 2014 at 4:51 AM, Grant Edwards <invalid@invalid.invalid> wrote:
>> Unfortunately, the actual SSL wrapping stuff isn't being done in my
>> code.  It's being done by the secure-smtpd module, which will pass
>> whatever cert/key params I give it to ssl.wrap_socket().  That still
>> leaves the third option (e.g. stunnel).
>
> I'll go back to the naughty-crazy idea of monkey-patching, then: can
> you create an SSLContext prior to chrooting, then stuff its
> wrap_socket back into the ssl module?

Probably. I'll have to give that a try after I figure out some of the
other "Unix daemon" issues.  Any imports that happen after chroot()ing
are going to fail (I think), and I'm not sure if that's going to be a
problem or not...

-- 
Grant Edwards               grant.b.edwards        Yow! Do you like "TENDER
                                  at               VITTLES"?
                              gmail.com            

Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread

Thread

Using ssl.wrap_socket() in chroot jail Grant Edwards <invalid@invalid.invalid> - 2014-05-07 15:42 +0000
  Re: Using ssl.wrap_socket() in chroot jail Chris Angelico <rosuav@gmail.com> - 2014-05-08 02:04 +1000
  Re: Using ssl.wrap_socket() in chroot jail Christian Heimes <christian@python.org> - 2014-05-07 20:11 +0200
    Re: Using ssl.wrap_socket() in chroot jail Grant Edwards <invalid@invalid.invalid> - 2014-05-07 18:51 +0000
      Re: Using ssl.wrap_socket() in chroot jail Chris Angelico <rosuav@gmail.com> - 2014-05-08 12:12 +1000
        Re: Using ssl.wrap_socket() in chroot jail Grant Edwards <invalid@invalid.invalid> - 2014-05-08 13:31 +0000

csiph-web