Using ssl.wrap_socket() in chroot jail

[Grant Edwards]

On 2014-05-08, Chris Angelico <rosuav at gmail.com> wrote:
> On Thu, May 8, 2014 at 4:51 AM, Grant Edwards <invalid at invalid.invalid> wrote:
>> Unfortunately, the actual SSL wrapping stuff isn't being done in my
>> code.  It's being done by the secure-smtpd module, which will pass
>> whatever cert/key params I give it to ssl.wrap_socket().  That still
>> leaves the third option (e.g. stunnel).
>
> I'll go back to the naughty-crazy idea of monkey-patching, then: can
> you create an SSLContext prior to chrooting, then stuff its
> wrap_socket back into the ssl module?

Probably. I'll have to give that a try after I figure out some of the
other "Unix daemon" issues.  Any imports that happen after chroot()ing
are going to fail (I think), and I'm not sure if that's going to be a
problem or not...

-- 
Grant Edwards               grant.b.edwards        Yow! Do you like "TENDER
                                  at               VITTLES"?
                              gmail.com