Re: Using ssl.wrap_socket() in chroot jail

2014-05-08 Thread Grant Edwards
On 2014-05-08, Chris Angelico wrote:
> On Thu, May 8, 2014 at 4:51 AM, Grant Edwards wrote:
>> Unfortunately, the actual SSL wrapping stuff isn't being done in my
>> code. It's being done by the secure-smtpd module, which will pass
>> whatever cert/key params I give it to ssl.wrap_socket(). Tha

Re: Using ssl.wrap_socket() in chroot jail

2014-05-07 Thread Chris Angelico
On Thu, May 8, 2014 at 4:51 AM, Grant Edwards wrote:
> Unfortunately, the actual SSL wrapping stuff isn't being done in my
> code. It's being done by the secure-smtpd module, which will pass
> whatever cert/key params I give it to ssl.wrap_socket(). That still
> leaves the third option (e.g. stu

Re: Using ssl.wrap_socket() in chroot jail

2014-05-07 Thread Grant Edwards
On 2014-05-07, Christian Heimes wrote:
> On 07.05.2014 17:42, Grant Edwards wrote:
>> Let's say you have a server/daemon application written in python that
>> accepts incoming SSL connections.
>>
>> You want to run that application in a chroot jail.
>>
>> The last thing you want in that jail i

Re: Using ssl.wrap_socket() in chroot jail

2014-05-07 Thread Christian Heimes
On 07.05.2014 17:42, Grant Edwards wrote:
> Let's say you have a server/daemon application written in python that
> accepts incoming SSL connections.
>
> You want to run that application in a chroot jail.
>
> The last thing you want in that jail is your SSL certificate private
> key file.
>
>

Re: Using ssl.wrap_socket() in chroot jail

2014-05-07 Thread Chris Angelico
On Thu, May 8, 2014 at 1:42 AM, Grant Edwards wrote:
> But, it appears the ssl module won't accept SSL certificates and keys
> as data strings, or as stringio file objects. It will only accept a
> filename, and it has to open/read that file every time a connection is
> accepted.
>
> So how do you

Using ssl.wrap_socket() in chroot jail

2014-05-07 Thread Grant Edwards
Let's say you have a server/daemon application written in python that accepts incoming SSL connections. You want to run that application in a chroot jail. The last thing you want in that jail is your SSL certificate private key file. But, it appears the ssl module won't accept SSL certificates