Using ssl.wrap_socket() in chroot jail
Grant Edwards
invalid at invalid.invalid
Thu May 8 09:31:17 EDT 2014
On 2014-05-08, Chris Angelico <rosuav at gmail.com> wrote:
> On Thu, May 8, 2014 at 4:51 AM, Grant Edwards <invalid at invalid.invalid> wrote:
>> Unfortunately, the actual SSL wrapping stuff isn't being done in my
>> code. It's being done by the secure-smtpd module, which will pass
>> whatever cert/key params I give it to ssl.wrap_socket(). That still
>> leaves the third option (e.g. stunnel).
>
> I'll go back to the naughty-crazy idea of monkey-patching, then: can
> you create an SSLContext prior to chrooting, then stuff its
> wrap_socket back into the ssl module?
Probably. I'll have to give that a try after I figure out some of the
other "Unix daemon" issues. Any imports that happen after chroot()ing
are going to fail (I think), and I'm not sure if that's going to be a
problem or not...
--
Grant Edwards grant.b.edwards Yow! Do you like "TENDER
at VITTLES"?
gmail.com
More information about the Python-list
mailing list