new ssl module is incompatible with servers that drop privileges
I've been trying out the new ssl module, and I love it so far, except for the way it accepts private keys and certificates. It accepts them only as paths to their location on the file system, which I believe means that a server can only support SSL if it has read permission to its private key file when client connections arrive. This is a problem for servers that bind to their socket and drop privileges as soon as they start up, a practice that is both common and recommended in the unix world.

IMHO, this severely limits the new ssl module's utility, and discourages good security practices.

Wouldn't it be better if we could specify keys and certificates as bytes or file-like objects? This would solve the security issue, give applications more flexibility in key management, and might also improve performance slightly (by avoiding file system operations at accept() time).

Perhaps there's a workaround that I haven't noticed yet? A quick look at the source code didn't reveal any obvious way to specify keys other than as paths in the file system.

http://bugs.python.org/issue3823
> It accepts them only as paths to their location on the file system, which I believe means that a server can only support SSL if it has read permission to its private key file when client connections arrive. This is a problem for servers that bind to their socket and drop privileges as soon as they start up, a practice that is both common and recommended in the unix world.

Ah, excellent point.

> IMHO, this severely limits the new ssl module's utility, and discourages good security practices.

Please file a bug report. A bug report with a patch and tests would be even better :-). Assign it to me.

> Wouldn't it be better if we could specify keys and certificates as bytes or file-like objects? This would solve the security issue, give applications more flexibility in key management, and might also improve performance slightly (by avoiding file system operations at accept() time).

I like it!

Bill
On Tue, September 9, 2008 12:49 pm, Bill Janssen wrote:
> > IMHO, this severely limits the new ssl module's utility, and discourages good security practices.
>
> Please file a bug report. A bug report with a patch and tests would be even better :-). Assign it to me.

I filed one, but the bug tracker doesn't seem to offer a way to assign it to you. I'll add you to the nosy list.

http://bugs.python.org/issue3823

I'm pretty swamped right now, so I don't think I can learn the code well enough to make a patch in the few weeks before Python 2.6 is released. (How nice it would be if the debut of this very useful module was free of this problem!) If I find some unexpected free time, I'll take a crack at it.
participants (2)
- Bill Janssen
- Forest
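
An added example, not part of the thread: it uses `ssl.SSLContext`, an API added in later Python versions than the 2.6 module discussed here, to show the private key being read once at `load_cert_chain()` so that handshakes still succeed after the key file is gone. The `openssl` CLI on PATH, the throwaway `localhost` certificate, and deleting the key file as a stand-in for a privilege drop are assumptions of the example.

```python
import os
import ssl
import subprocess
import tempfile

def make_test_cert(directory):
    """Constructed test credential: self-signed cert for 'localhost' (needs openssl CLI)."""
    key, cert = (os.path.join(directory, n) for n in ("key.pem", "cert.pem"))
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
         "-keyout", key, "-out", cert, "-days", "1", "-subj", "/CN=localhost",
         "-addext", "subjectAltName=DNS:localhost"],
        check=True, capture_output=True)
    return key, cert

def handshake(server_ctx, client_ctx):
    """Complete a TLS handshake between two in-memory endpoints; return the version."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname="localhost")
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(20):
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass  # waiting for bytes from the peer
        # Carry pending TLS records client -> server and server -> client.
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            data = src.read()
            if data:
                dst.write(data)
        if not pending:
            return server.version()
    raise RuntimeError("handshake did not complete")

def demo():
    """Load the key, make the key file unavailable, then serve a handshake anyway."""
    with tempfile.TemporaryDirectory() as d:
        key, cert = make_test_cert(d)
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(cert, key)   # only point where the key file is read
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.load_verify_locations(cert)  # trust the constructed cert
        # A real daemon would bind its port, then setgroups/setgid/setuid here.
        # Deleting the file stands in for losing read access to the key.
        os.remove(key)
        return os.path.exists(key), handshake(server_ctx, client_ctx)
```

`demo()` returns whether the key file still exists and the TLS version negotiated after it was removed.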