Using ssl.wrap_socket() in chroot jail
Grant Edwards
invalid at invalid.invalid
Wed May 7 11:42:45 EDT 2014
Let's say you have a server/daemon application written in python that
accepts incoming SSL connections.
You want to run that application in a chroot jail.
The last thing you want in that jail is your SSL certificate private
key file.
But, it appears the ssl module won't accept SSL certificates and keys
as data strings, or as stringio file objects. It will only accept a
filename, and it has to open/read that file every time a connection is
accepted.
So how do you avoid having your certificate key file sitting, readable,
in the chroot jail?
--
Grant Edwards grant.b.edwards Yow! An Italian is COMBING
at his hair in suburban DES
gmail.com MOINES!
More information about the Python-list
mailing list