From db5680d01428816ba670f4828144436b69de4a75 Mon Sep 17 00:00:00 2001 From: Joel Rosdahl Date: Tue, 8 Mar 2016 22:46:04 +0100 Subject: Import ssl module before entering chroot jail As noted by Jan Fuchs, importing the ssl module typically doesn't work inside a chroot jail. --- CHANGES | 1 + miniircd | 10 ++++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 4a85b25..5be7743 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,7 @@ Unreleased * Find certificate specified with relative path when using --daemon. * Handle quickly disconnecting client without crashing. + * Import ssl module before entering chroot jail. 1.1 (2015-05-22) diff --git a/miniircd b/miniircd index c864188..d867eac 100755 --- a/miniircd +++ b/miniircd @@ -1,7 +1,7 @@ #! /usr/bin/env python # Hey, Emacs! This is -*-python-*-. # -# Copyright (C) 2003-2015 Joel Rosdahl +# Copyright (C) 2003-2016 Joel Rosdahl # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -643,6 +643,9 @@ class Server(object): self.setuid = options.setuid self.statedir = options.statedir + if self.ssl_pem_file: + self.ssl = __import__("ssl") + # Find certificate after daemonization if path is relative: if self.ssl_pem_file and os.path.exists(self.ssl_pem_file): self.ssl_pem_file = os.path.abspath(self.ssl_pem_file) @@ -781,14 +784,13 @@ class Server(object): else: (conn, addr) = x.accept() if self.ssl_pem_file: - import ssl try: - conn = ssl.wrap_socket( + conn = self.ssl.wrap_socket( conn, server_side=True, certfile=self.ssl_pem_file, keyfile=self.ssl_pem_file) - except ssl.SSLError as e: + except self.ssl.SSLError as e: self.print_error( "SSL error for connection from %s:%s: %s" % ( addr[0], addr[1], e)) -- cgit v1.2.3
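Review bot: In the `Server` constructor hunk (`@@ -643,6 +643,9 @@`), `self.ssl = __import__("ssl")` has no comment saying why the module is kept on the instance. The reason, that the import must happen before the chroot, is only in the commit message, so a later cleanup could move the import back next to `wrap_socket` and reintroduce the failure. I would write it as a plain `import ssl` followed by `self.ssl = ssl`, with the comment `# Must be imported before chroot(); the module's files are not reachable from inside the jail.` The enclosing method starts and ends outside the hunk, so where the chroot happens relative to this line is not visible here.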
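Review bot: In the accept hunk (`@@ -781,14 +784,13 @@`), `certfile=self.ssl_pem_file` and `keyfile=self.ssl_pem_file` still make every new connection reopen the PEM file by path, so pre-importing the module is probably not enough on its own. The private key presumably has to exist inside the jail and stay readable by the `--setuid` user; this is inferred, because the chroot and setuid code is outside the hunk. Loading the key once in the constructor avoids that (needs Python 2.7.9 or newer): `self.ssl_context = self.ssl.create_default_context(self.ssl.Purpose.CLIENT_AUTH)` and `self.ssl_context.load_cert_chain(self.ssl_pem_file)`, then here `conn = self.ssl_context.wrap_socket(conn, server_side=True)`. That also replaces the module-level `wrap_socket` defaults with a context whose protocol settings are explicit. The `except` body continues past the end of the hunk.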