2

So I have a dynamically generated self signed certificate in python and I want to pass it to ssl.wrap_socket but it looks like that function only accepts a file name as a parameter.

I know I could write the file to disk and then read it back then delete it, I'm also running on Linux so I could write it to /run/user/1000/ so it doesn't have to touch a real drive but, this still feels wrong. Anyone got a way I can bypass the file generation step entirely? 

httpd.socket = ssl.wrap_socket (httpd.socket, certfile="cert.pem", server_side=True)

Thanks!

Roger Heathcote
  • 3,091
  • 1
  • 33
  • 39

1 Answers1

1

No.

Unfortunately, it doesn't look like the SSL library supports it. You can view the source of the method you're calling here:

https://github.com/python/cpython/blob/master/Lib/ssl.py#L1131

and it appears the certfile name is being passed all the way along to the C code for handling SSL (you can follow the certfile parameter through a few function calls in the above file):

https://github.com/python/cpython/blob/master/Modules/_ssl.c#L3240

Sorry!!

Christopher Shroba
  • 7,006
  • 8
  • 40
  • 68
  • 1
    Fair enough. I've heard a few people say openSSL is a dogs dinner, I'm starting to believe it! Thanks for the quick and definitive response. – Roger Heathcote Dec 06 '16 at 13:10