Author forest
Recipients forest
Date 2008-09-09.18:25:16
Message-id <1220984719.3.0.228126117566.issue3823@psf.upfronthosting.co.za>
In-reply-to
Content
SSLSocket() and ssl.wrap_socket() accept private keys only as paths to
their location on the file system.  This means that a server can only
support SSL if it has read access to its private key file at the time
when client connections arrive, which is a problem for servers that bind
to their socket and drop privileges as soon as they start up.

In other words, the new ssl module's API prevents its use in servers
that follow best practices that are prevalent in the Unix world.

If SSLSocket() and ssl.wrap_socket() were updated to accept private keys
as strings (or open file-like objects or some such), the problem would
go away.  Moreover, it would allow a program to keep private keys cached
in memory, which might slightly improve performance over reading them
from the file system on every new connection.
History
Date                 User    Action  Args
2008-09-09 18:25:19  forest  set     recipients: + forest
2008-09-09 18:25:19  forest  set     messageid: <1220984719.3.0.228126117566.issue3823@psf.upfronthosting.co.za>
2008-09-09 18:25:18  forest  link    issue3823 messages
2008-09-09 18:25:16  forest  create
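
The bind-then-drop-privileges pattern described in the message, as an added example that is not part of the original report or of the ssl module as it stood then. It uses `ssl.SSLContext.load_cert_chain()`, an API from later Python versions that reads the key into memory once. The paths, uid/gid and function names are constructed, and the key file is assumed to be readable by root only.

```python
import os
import socket
import ssl


def build_server_context(certfile, keyfile):
    """Read certificate and private key from disk now, while still privileged."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # load_cert_chain() parses the key immediately and keeps it in the context,
    # so the key file is not opened again when connections arrive.
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def drop_privileges(uid, gid):
    """Permanently switch to an unprivileged uid/gid; the order matters."""
    if uid == 0 or gid == 0:
        raise ValueError("refusing to 'drop' to root")
    os.setgroups([])   # clear supplementary groups first (needs root)
    os.setgid(gid)     # group before user: setgid() fails once uid is non-root
    os.setuid(uid)
    try:
        os.setuid(0)   # must fail now; success means the drop was not permanent
    except PermissionError:
        return
    raise RuntimeError("privileges were not dropped")


def serve(certfile, keyfile, uid, gid, port=443):
    ctx = build_server_context(certfile, keyfile)        # 1. key read as root
    with socket.create_server(("", port)) as listener:   # 2. privileged bind
        drop_privileges(uid, gid)                        # 3. key file now out of reach
        while True:
            conn, _addr = listener.accept()
            try:
                # 4. the handshake uses the in-memory key only
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.sendall(b"hello over TLS\n")
            except (ssl.SSLError, OSError):
                conn.close()   # failed handshake or dropped client; keep serving


if __name__ == "__main__":
    # Constructed paths and ids; substitute the deployment's own values.
    serve("/etc/example/server.crt", "/etc/example/server.key", uid=65534, gid=65534)
```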