[Python-Dev] new ssl module is incompatible with servers that drop privileges
Forest
list8a.forest at tibit.com
Tue Sep 9 20:44:59 CEST 2008
I've been trying out the new ssl module, and I love it so far, except for
the way it accepts private keys and certificates. It accept them only as
paths to their location on the file system, which I believe means that a
server can only support SSL if it has read permission to its private key
file when client connections arrive. This is a problem for servers that
bind to their socket and drop privileges as soon as they start up, a
practice that is both common and recommended in the unix world.
IMHO, this severely limits the new ssl module's utility, and discourages
good security practices.
Wouldn't it be better if we could specify keys and certificates as bytes
or file-like objects? This would solve the security issue, give
applications more flexibility in key management, and might also improve
performance slightly (by avoiding file system operations at accept()
time).
Perhaps there's a workaround that I haven't noticed yet? A quick look at
the source code didn't reveal any obvious way to specify keys other than
as paths in the file system.
http://bugs.python.org/issue3823
More information about the Python-Dev
mailing list