> It accept them only as > paths to their location on the file system, which I believe means that a > server can only support SSL if it has read permission to its private key > file when client connections arrive. This is a problem for servers that > bind to their socket and drop privileges as soon as they start up, a > practice that is both common and recommended in the unix world.
Ah, excellent point. > IMHO, this severely limits the new ssl module's utility, and discourages > good security practices. Please file a bug report. A bug report with a patch and tests would be even better :-). Assign it to me. > Wouldn't it be better if we could specify keys and certificates as bytes > or file-like objects? This would solve the security issue, give > applications more flexibility in key management, and might also improve > performance slightly (by avoiding file system operations at accept() > time). I like it! Bill _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
