Verifying an SSL certificate with python

This one took me a considerable amount of time and I had to figure some parts out from scratch. Unfortunately there doesn’t seem to exist an easy (out-of-the-box) way of checking whether a certificate is signed by another certificate in Python. After days of searching and despair, here is a solution without using M2Crypto: Note: You can …


X509v3 Authority Key Identifier pains (authorityKeyIdentifier)

“X509v3 Authority Key Identifier” or “authorityKeyIdentifier” is an X509v3 extension that’s added to X509 certificates and identifies the CA that signed the certificate. I suppose that this speeds up the certificate validation process by eliminating multiple checks.

Short version: Edit openssl.cnf and make sure that authorityKeyIdentifier does not include “issuer”.

Long version: There’s an issue …


Raspberry Pi under QEMU

What: Run a Raspberry Pi system under QEMU.

Why: I wanted to have a builder environment for the Raspberry Pi. Emulating it is much faster than running something on it.

Disclaimer: I am not a qemu/raspberry-pi expert – some things may be wrong here.

Introduction: Running qemu-arm is slightly different than running qemu for x86. There is no …


IPsec, Racoon, setkey, Linux, Mikrotik, tunnel, transport and everything

It took me more than 6 months to sort out all the issues, so here are my experiences. Most of the trouble was because I didn’t know things or didn’t have them clear in my mind. I wanted to have IPsec communication between a bunch of servers and a home network. I believe that this …


DNSSEC key tag (keyid) and DS signature calculation in python

This one took me a considerable amount of hours to figure out so here it is. While trying to automate DNS zone generation I had to calculate some of the values programmatically. Two of the auto-generated values had to do with DNSSEC entries: The key tag (or keyid) and the DS record’s signatures. The required …


rsync as root with rrsync and sudo

Here’s how to rsync something to a remote host as root without allowing root logins and with directory restriction. I did that because I wanted to sync /srv across servers. In general it will use rsync over ssh, sudo, rrsync and a remote non-root user. I assume that rsync will run from srv1 to srv2. …


Linux Containers: Easy LXC

Linux containers (a.k.a. LXC) rock. It’s the ultimate way of having multiple Linux boxes with minimal requirements. Here’s how I do it under Debian (and the script I’m using):

Requirements: This guide is for Debian testing as of 25 March 2012. However it should work for other cases as well. The procedure creates a minimal …


TalkTalk traffic interception

Recently I was really annoyed by my ISP (TalkTalk @ UK). In short: They are intercepting traffic and doing deep packet inspection without any warning or approval. But wait, there’s more: In general they monitor web traffic (read: the data) and after intercepting an HTTP request they replay that (yes.. they replay the request). Here’s …


Quick fix for X.org screensaver bypass

This vulnerability is quite annoying if you’re locking your desktop at work or anywhere else. In short, one is able to kill xorg’s xscreensaver’s lock by just pressing alt-ctrl-* or alt-ctrl-/ (both * and / need to be from the keypad). A workaround that was posted suggests modifying files in the system. If you …
