Skip to content

Instantly share code, notes, and snippets.

View mackyle's full-sized avatar

mackyle

91 followers · 0 following
View GitHub Profile
@mackyle
mackyle / 0001-nc-tlscompat.patch
Last active May 18, 2017 22:17
LibreSSL 2.5.4 tarball patches to add nc -T tlscompat and tolerate undef IPV6_TCLASS
From: Kyle J. McKay <mackyle@gmail.com>
Subject: [PATCHv2 1/2] nc: support -T tlscompat option
Some services are still provided using TLS 1.0 and older ciphers.
It is possible to use the nc command to connect to these services
using the "-T tlsall" option, but that also enables legacy and
insecure ciphers and is not desirable.
Instead add a new "-T tlscompat" option that can be used to access
older servers while not also enabling insecure and very old legacy
@mackyle
mackyle / libressl-tarball-2_5_4-notafter-beyond-2038.patch
Created May 18, 2017 12:32
LibreSSL 2.5.4 tarball patch to allow notAfter dates beyond 2038 on a 32-bit time_t system
From: Kyle J. McKay <mackyle@gmail.com>
Subject: [PATCH] allow notAfter after 2038 with 32-bit time_t
RFC 5280 section 4.1.2.5 states:
To indicate that a certificate has no well-defined expiration date,
the notAfter SHOULD be assigned the GeneralizedTime value of
99991231235959Z.
Unfortunately, if sizeof(time_t) == 4, 9999-12-31T23:59:59Z cannot be
@mackyle
mackyle / libressl-tarball-2_5_4-ocsp-defca.patch
Created May 17, 2017 22:08
LibreSSL 2.5.4 tarball patch to allow ocspcheck DEFAULT_CA_FILE override
From: Kyle J. McKay <mackyle@gmail.com>
Subject: [PATCH] ocspcheck/http.c: allow DEFAULT_CA_FILE override
The value of DEFAULT_CA_FILE is hard-coded to "/etc/ssl/cert.pem"
in the ocpscheck/http.c file.
This may not always be the desired default location. Allow the
default to be changed with a command-line define via CPPFLAGS the
same way the same-named value can be changed for nc/netcat.c.
@mackyle
mackyle / libressl-tarball-2_5_4-ev-oids.patch
Last active May 17, 2017 18:57
LibreSSL 2.5.4 tarball patch to add EV subject jusrisdiction OIDs
From: Kyle J. McKay <mackyle@gmail.com>
Subject: [PATCH] objects: add EV subject OID names
The "EV SSL Certificate Guidelines" available from:
https://cabforum.org/extended-validation/
defines three OIDs commonly seen in leaf certificates:
jurisdictionLocalityName
@mackyle
mackyle / export-fixed-tags
Last active October 25, 2016 04:42
#!/usr/bin/env perl
# export-fixed-tags -- produce fast-import stream to fix broken tags
# Copyright (C) 2016 Kyle J. McKay. All rights reserved.
# License AGPLv3+ https://www.gnu.org/licenses/agpl.html
#
## Usage
##
## Some software used to convert repositories to Git format creates invalid
@mackyle
mackyle / git-log-times
Last active December 30, 2017 11:25
git-log-times a log --oneline alternative with dates, times and initials
Patch and discussion at:
https://public-inbox.org/git/git-log-times@mackyle-at-gmail-com/
Clone from:
https://github.com/mackyle/git-log-compact.git
Project page at:
https://mackyle.github.io/git-log-compact/
@mackyle
mackyle / git-checkpoint
Last active November 7, 2021 22:08
git-checkpoint -- create a new stash entry without touching working tree or index
#!/bin/sh
# git-checkpoint -- save a stash of current work in progress
# Copyright (C) 2014,2015 Kyle J. McKay. All rights reserved.
# License GPLv2.
# Usage: git checkpoint [<stash message>]
# Optional: git config --global alias.cp checkpoint
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
@mackyle
mackyle / gist:e11f34a92b53b07c8caf
Created July 29, 2014 01:28
ddclient always generate emails for IP updates & connect errors
commit 92149f8ee6cfb16c59a173395f5ae1749ce12c96
Author: Kyle J. McKay <mackyle@gmail.com>
Date: Wed Jun 11 22:31:13 2014 -0700
Always send update & error messages to mail-failure address
diff --git a/ddclient b/ddclient
index 945745d0..671def55 100755
--- a/ddclient
+++ b/ddclient