Christian Heimes tiran

@tiran
tiran / ssl_distro.md
Last active May 18, 2018 19:22
OpenSSL / LibreSSL versions in Linux and BSD distributions

Major distributions

  • alpine 2.7.8 (openssl 1.0.1g)
  • alpine 3.2.2 (openssl 1.0.2d)
  • alpine 3.6.2 (libressl 2.5.4)
@tiran
tiran / gist:a281aa3baf9ea39e1d02800c1a7f8ea6
Last active August 9, 2017 08:49
Mypy stubgen for FreeIPA
# mypy in Fedora 26 is currently broken, https://bugzilla.redhat.com/show_bug.cgi?id=1479697
# sudo dnf install -y python3-mypy
python3 -m venv --system-site-packages /tmp/mypy
/tmp/mypy/bin/pip install --upgrade --force mypy
cd /path/to/freeipa
sudo dnf builddep -y --spec ./freeipa.spec.in
./autogen.sh
make
@tiran
tiran / cachedproperty.py
Created August 1, 2017 13:55
Cached property and cached callable
import sys
import types
class cachedproperty(object):
    __slots__ = ('fget', 'name', '__doc__')

    def __init__(self, fget, doc=None):
        self.fget = fget
        self.name = fget.__name__  # python < 3.6
$ ipa dnsrecord-add ipa.example. götter --a-rec=192.168.121.250 --a-create-reverse
Record name: götter
A record: 192.168.121.250
$ host götter.ipa.example
xn--gtter-jua.ipa.example has address 192.168.121.250
$ host 192.168.121.250
250.121.168.192.in-addr.arpa domain name pointer xn--gtter-jua.ipa.example.
$ dig götter.ipa.example
Message from syslogd@***** at Mar 31 11:11:20 ...
kernel:mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 128: 00000000880003c3
Message from syslogd@***** at Mar 31 11:11:20 ...
kernel:mce: [Hardware Error]: TSC 1a25bc4d0640
Message from syslogd@***** at Mar 31 11:11:20 ...
kernel:mce: [Hardware Error]: PROCESSOR 0:306c3 TIME 1490951480 SOCKET 0 APIC 1 microcode 20
Message from syslogd@***** at Mar 31 11:11:20 ...
@tiran
tiran / gist:a9181aabeff4e516cfcdc39abe8d4a5b
Created March 18, 2017 17:23
Python no-subject.badssl.com
>>> import pprint, socket, ssl
>>> ctx = ssl.create_default_context()
>>> conn = socket.create_connection(('no-subject.badssl.com', 443))
>>> sconn = ctx.wrap_socket(conn, server_hostname='no-subject.badssl.com')
>>> pprint.pprint(sconn.getpeercert())
{'OCSP': (u'http://ocsp.comodoca.com',),
 'caIssuers': (u'http://crt.comodoca.com/UbiquiTLSDVRSAServerCA.crt',),
 'issuer': ((('countryName', u'GB'),),
            (('stateOrProvinceName', u'Greater Manchester'),),
            (('localityName', u'Salford'),),
class CipherSuite(IntEnum):
    """TLS cipher suites
    Source: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
    Ignored:
      export ciphers
      key agreement: NULL, SRP_SHA, KRB5, PSK, PSK DHE
      auth: anon, NULL, PSK, DSS
      encryption: NULL, IDEA, ARIA
@tiran
tiran / hashbench.py
Created January 19, 2017 20:01
Simple hashing benchmark for Python 2 and 3
#!/usr/bin/env python3
from __future__ import print_function
import os
import time
import sys
if sys.version_info.major >= 3:
    timer = time.perf_counter
else:
    timer = time.time
@tiran
tiran / README
Created January 3, 2017 13:30 — forked from atdt/README
A minimal ssh-agent for using a smartcard with PIV for public-key authentication with OpenSSH through PKCS11.
org.wikimedia.ssh-pkcs11-agent.plist -> ~/Library/LaunchAgents
OPENSC_LIBS=/usr/local/Cellar/opensc/0.15.0/lib
ssh-add -s $OPENSC_LIBS/opensc-pkcs11.so
# create keytab for radius user
ipa-getkeytab -p 'radius/HOSTNAME' -k /etc/raddb/radius.keytab
chown root:radiusd /etc/raddb/radius.keytab
chmod 640 /etc/raddb/radius.keytab
# make radius use the keytab for SASL GSSAPI
mkdir -p /etc/systemd/system/radiusd.service.d
cat > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF
[Service]
Environment=KRB5_CLIENT_KTNAME=/etc/raddb/radius.keytab