Using TCP-LP with pycurl in Python

Intro TCP-LP (low priority) is a TCP congestion control algorithm that is meant to be used by TCP connections that don’t want to compete with other connections for bandwidth. Its goal is to use the idle bandwidth for file transfers. The details of TCP-LP are here. With Linux’ plugable congestion control algorithms, it is possible …

Continue reading ‘Using TCP-LP with pycurl in Python’ »

Debian packaging for python2 and python3 at the same time

The problem The scenario was like this: Python code that provides a library and a binary The code is compatible with both Python v2 and v3 The requirements were: Generate a package with the library part for python v2 Generate a package with the library part for python v3 Generate a binary package with the …

Continue reading ‘Debian packaging for python2 and python3 at the same time’ »

Multiple relay configuration based on sender address with sendmail

One of the needs that came up was to be able to use separate relay configurations based on the sender email address, using sendmail. The problem is that sendmail is missing support for most parts of that sentence. At the end the solution involved a combination of sendmail, smarttable, procmail and msmtp The idea is …

Continue reading ‘Multiple relay configuration based on sender address with sendmail’ »

OpenVPN and remote-cert-tls server

This required a bit of digging into OpenVPN’s and OpenSSL’s code to figure out. The problem This error: Thu Sep 11 00:12:05 2014 Validating certificate key usage Thu Sep 11 00:12:05 2014 ++ Certificate has key usage  00f8, expects 00a0 Thu Sep 11 00:12:05 2014 ++ Certificate has key usage  00f8, expects 0088 The condition …

Continue reading ‘OpenVPN and remote-cert-tls server’ »

Linux, multicast, bridging and IPv6 troubles (i.e. why my IPv6 connectivity goes missing)

For a long time now I had a very annoying problem with IPv6 under Linux. My setup is as follows: Linux box <-> Switch <-> Router The Linux box uses a bridge interface (br0) and usually only has one physical interface attached to it (eth0). That’s a very convenient setup. The problem is that after …

Continue reading ‘Linux, multicast, bridging and IPv6 troubles (i.e. why my IPv6 connectivity goes missing)’ »

Installing package build dependencies from a .dsc file (Debian)

There are cases where one needs to install build-dependencies of a .dsc file in Debian. Apparently this is not as trivial as: The easiest way I’ve found so far is to use mk-build-deps (from the devscripts package): This godly script: Creates a psudo package that depends on the build-depends of the .dsc file Does a …

Continue reading ‘Installing package build dependencies from a .dsc file (Debian)’ »

pyOpenSSL and invalid certificates

I was trying to import some X509v3 certificates that were created with pyOpenSSL to a MikroTik router (RouterOS 6.1) but they were always being imported with an invalid validity period (not before 1970 and not after 1970). Eventually I found out that this is because pyOpenSSL stores the validity field in an invalid format. Here’s …

Continue reading ‘pyOpenSSL and invalid certificates’ »

Verify that a private key matches a certificate with PyOpenSSL

Verify that a private key matches a certificate using PyOpenSSL and PyCrypto: The idea is to get the modulus from the two DER structures and compare them. They should be the same. Note: You can use the above under the MIT license. If it doesn’t fit your needs let me know. My intention is to …

Continue reading ‘Verify that a private key matches a certificate with PyOpenSSL’ »

Verifying an SSL certificate with python

This one took me a considerable amount of time and had to figure some parts from scratch. Unfortunately there doesn’t seem to exist an easy (out-of-the-box) way for checking whether a certificate is signed by another certificate in python. After days of searching and despair, here is a solution without using M2Crypto: Note: You can …

Continue reading ‘Verifying an SSL certificate with python’ »