author | Joel Rosdahl <joel@rosdahl.net> | 2016-03-08 22:46:04 +0100 |
---|---|---|
committer | Joel Rosdahl <joel@rosdahl.net> | 2016-03-08 22:46:04 +0100 |
commit | db5680d01428816ba670f4828144436b69de4a75 (patch) | |
tree | f52760eb692ad622ed3e55474129198e062f917e | |
parent | ca46821c01923e631f543030d583ba135562e681 (diff) | |
Import ssl module before entering chroot jail
As noted by Jan Fuchs, importing the ssl module typically doesn't work
inside a chroot jail.
-rw-r--r-- | CHANGES | 1 | ||||
-rwxr-xr-x | miniircd | 10 |
2 files changed, 7 insertions, 4 deletions
@@ -2,6 +2,7 @@ Unreleased * Find certificate specified with relative path when using --daemon. * Handle quickly disconnecting client without crashing. + * Import ssl module before entering chroot jail. 1.1 (2015-05-22) @@ -1,7 +1,7 @@ #! /usr/bin/env python # Hey, Emacs! This is -*-python-*-. # -# Copyright (C) 2003-2015 Joel Rosdahl +# Copyright (C) 2003-2016 Joel Rosdahl # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -643,6 +643,9 @@ class Server(object): self.setuid = options.setuid self.statedir = options.statedir + if self.ssl_pem_file: + self.ssl = __import__("ssl") + # Find certificate after daemonization if path is relative: if self.ssl_pem_file and os.path.exists(self.ssl_pem_file): self.ssl_pem_file = os.path.abspath(self.ssl_pem_file) @@ -781,14 +784,13 @@ class Server(object): else: (conn, addr) = x.accept() if self.ssl_pem_file: - import ssl try: - conn = ssl.wrap_socket( + conn = self.ssl.wrap_socket( conn, server_side=True, certfile=self.ssl_pem_file, keyfile=self.ssl_pem_file) - except ssl.SSLError as e: + except self.ssl.SSLError as e: self.print_error( "SSL error for connection from %s:%s: %s" % ( addr[0], addr[1], e)) |
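Review bot: The eager import added to `Server.__init__` carries no comment saying why it has to run there, so a later cleanup could move it back to the point of use and bring back the failure inside the jail. A line such as `# Import ssl before chroot(): the module cannot be loaded from inside the jail.` above the `if self.ssl_pem_file:` test would record the constraint. As a point of style, `import ssl` followed by `self.ssl = ssl` reads more plainly than `__import__("ssl")` and behaves the same for a top-level module. `__init__` begins and ends outside this hunk, so where the chroot call sits relative to it cannot be checked from here.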
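Review bot: `self.ssl.wrap_socket(..., certfile=self.ssl_pem_file, keyfile=self.ssl_pem_file)` in the accept path still opens the PEM file on every new connection, so moving the module import ahead of the chroot does not by itself make TLS work inside the jail. If this loop runs after chroot and setuid (neither is visible in the hunk), the private key has to exist inside the jail and be readable by the unprivileged user, which gives up much of what the jail and privilege drop are meant to protect. Loading the key once in `__init__`, before privileges are dropped, avoids that: build an `ssl.SSLContext` there, call `self.ssl_context.load_cert_chain(self.ssl_pem_file)`, and accept with `conn = self.ssl_context.wrap_socket(conn, server_side=True)`; this needs Python 2.7.9 or 3.2 and later. Separately, the handshake appears to run synchronously inside the accept branch, so a timeout on `conn` before wrapping would be worth considering so that one stalled client cannot hold up the others. The surrounding loop starts and ends outside the hunk.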