> It accepts them only as
> paths to their location on the file system, which I believe means that a
> server can only support SSL if it has read permission to its private key
> file when client connections arrive. This is a problem for servers that
> bind to their socket and drop privileges as soon as they start up, a
> practice that is both common and recommended in the unix world.

Ah, excellent point.

> IMHO, this severely limits the new ssl module's utility, and discourages
> good security practices.

Please file a bug report. A bug report with a patch and tests would be even better :-). Assign it to me.

> Wouldn't it be better if we could specify keys and certificates as bytes
> or file-like objects? This would solve the security issue, give
> applications more flexibility in key management, and might also improve
> performance slightly (by avoiding file system operations at accept()
> time).

I like it!

Bill