newspaint

Documenting Problems That Were Difficult To Find The Answer To

Monthly Archives: April 2017

Prioritising VoIP on OpenWRT/OpenLEDE

Following the advice at the Network Traffic Control (QOS) page on the OpenWRT wiki I installed the tc package:

opkg install tc
opkg install kmod-sched-core

I wanted to set up 4 queues:

  ---[traffic to Australian Phone Company]---
                                             \
  ---[tiny packets <64 bytes]-----------------> router ---[ADSL]--- ISP
                                             /
  ---[small packets <256 bytes]-------------/
                                           /
  ---[everything else]---------------------

I needed a root qdisc with no limitations on it, and a top-level class with a maximum bandwidth of the upload speed to my ISP (around 1,400 kilobits per second).

Beneath this I set up 4 classes with differing priorities and each with a guaranteed minimum bandwidth of 100 kilobits per second each.

#!/bin/sh

DEV=pppoe-adsl
BWMAX=1400kbit

# ensure 32-bit classifier is available
insmod cls_u32
# ensure HTB scheduler is available
insmod sch_htb

echo "Clearing existing root qdisc on $DEV"
tc qdisc del dev $DEV root

echo "Adding root qdisc on $DEV"
tc qdisc add dev $DEV root       handle 1:    htb default 99

echo "Adding top class on $DEV with rate $BWMAX"
tc class add dev $DEV parent 1:  classid 1:1  htb rate $BWMAX ceil $BWMAX burst 6k


# Classes
echo "Creating VoIP class"
tc class add dev $DEV parent 1:1 classid 1:10 htb rate 100kbit ceil $BWMAX burst 6k prio 1

echo "Creating tiny packet class <64 bytes"
tc class add dev $DEV parent 1:1 classid 1:20 htb rate 100kbit ceil $BWMAX burst 6k prio 1

echo "Creating small packet class <256 bytes"
tc class add dev $DEV parent 1:1 classid 1:30 htb rate 100kbit ceil $BWMAX burst 6k prio 3

echo "Creating default class"
tc class add dev $DEV parent 1:1 classid 1:99 htb rate 100kbit ceil $BWMAX burst 6k prio 6


# Filters
echo "Creating VoIP filter to Australian Phone Company only (highest priority traffic)"
tc filter add dev $DEV parent 1: protocol ip prio 2 u32 match ip dst 103.12.10.97/32 flowid 1:10

echo "Creating tiny packet filter <64 bytes (for acknowledgements)"
echo "  allows bottom 6 bits to be anything (2^6 = 64) but all higher bits must be zero"
tc filter add dev $DEV parent 1: protocol ip prio 3 u32 match u16 0x0000 0xffc0 at 2 flowid 1:20

echo "Creating small packet filter <256 bytes (for traffic more likely to be real-time)"
echo "  allows bottom 8 bits to be anything (2^8 = 256) but all higher bits must be zero"
tc filter add dev $DEV parent 1: protocol ip prio 4 u32 match u16 0x0000 0xff00 at 2 flowid 1:30

Viewing the state of the system was straight-forward.

Seeing how many bytes and packets made it through the root qdisc:

# tc -s qdisc show dev $DEV
qdisc htb 1: root refcnt 2 r2q 10 default 99 direct_packets_stat 0 direct_qlen 3
 Sent 20016888 bytes 166952 pkt (dropped 175, overlimits 1496 requeues 0) 
 backlog 0b 0p requeues 0

I could also view the classes to see how many packets had made their way through each one:

# tc -s class show dev $DEV
class htb 1:1 root rate 1400Kbit ceil 1400Kbit burst 6Kb cburst 1599b 
 Sent 20154394 bytes 167785 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
 lended: 6096 borrowed: 0 giants: 0
 tokens: 544990 ctokens: 139271

class htb 1:10 parent 1:1 prio 1 rate 100Kbit ceil 1400Kbit burst 6Kb cburst 1599b 
 Sent 218765 bytes 394 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
 lended: 394 borrowed: 0 giants: 0
 tokens: 6248750 ctokens: 40610

class htb 1:20 parent 1:1 prio 1 rate 100Kbit ceil 1400Kbit burst 6Kb cburst 1599b 
 Sent 5800369 bytes 112832 pkt (dropped 0, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
 lended: 109430 borrowed: 3402 giants: 0
 tokens: 7630000 ctokens: 139271

class htb 1:30 parent 1:1 prio 3 rate 100Kbit ceil 1400Kbit burst 6Kb cburst 1599b 
 Sent 4727569 bytes 40204 pkt (dropped 16, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
 lended: 38041 borrowed: 2163 giants: 0
 tokens: 7586250 ctokens: 136146

class htb 1:99 parent 1:1 prio 6 rate 100Kbit ceil 1400Kbit burst 6Kb cburst 1599b 
 Sent 9407691 bytes 14355 pkt (dropped 159, overlimits 0 requeues 0) 
 rate 0bit 0pps backlog 0b 0p requeues 0 
 lended: 13824 borrowed: 531 giants: 0
 tokens: 6747500 ctokens: 76235

Actually class 1:99 is displayed first.

Aldi WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill and Batteries

Aldi, today (2017-04-22), had for sale the cordless hammer drill titled “WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill”. I spent some time searching the Internet to try and find out the manufacturer but I was unable. As this is the first time I know of that these products have been released to market I am writing this post with pictures of the boxes and products for others.


Battery Pack

Let’s start with the battery pack because without the battery there is no appliance.

The battery is titled “XFinity Plus 20V Battery System XFinity Li-Ion 20V 2.0AH Battery” and the battery purchased had a capacity of 2.0 amp hour (AH). The following is the view of the box from different angles:

XFinity Plus 20V Li-Ion 2.0AH Battery Box Top View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Top View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Left View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Left View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Front View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Front View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Right View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Right View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Rear View

XFinity Plus 20V Li-Ion 2.0AH Battery Box Rear View

XFinity Plus 20V Li-Ion 2.0AH Battery In Plastic Bag

XFinity Plus 20V Li-Ion 2.0AH Battery In Plastic Bag

XFinity Plus 20V Li-Ion 2.0AH Battery Manual

XFinity Plus 20V Li-Ion 2.0AH Battery Manual

XFinity Plus 20V Li-Ion 2.0AH Battery Top View

XFinity Plus 20V Li-Ion 2.0AH Battery Top View

XFinity Plus 20V Li-Ion 2.0AH Battery Left View

XFinity Plus 20V Li-Ion 2.0AH Battery Left View

XFinity Plus 20V Li-Ion 2.0AH Battery Bottom View

XFinity Plus 20V Li-Ion 2.0AH Battery Bottom View


Battery Charger

A battery isn’t much good unless the battery can be charged. So a charger was purchased. The charger is titled “XFinity Plus 20V Battery System XFinity Li-Ion 20V Quick Charger”. The following is the view of the box from different angles:

XFinity Plus 20V Li-Ion Quick Charger Box Top View

XFinity Plus 20V Li-Ion Quick Charger Box Top View

XFinity Plus 20V Li-Ion Quick Charger Box Left View

XFinity Plus 20V Li-Ion Quick Charger Box Left View

XFinity Plus 20V Li-Ion Quick Charger Box Front View

XFinity Plus 20V Li-Ion Quick Charger Box Front View

XFinity Plus 20V Li-Ion Quick Charger Box Right View

XFinity Plus 20V Li-Ion Quick Charger Box Right View

XFinity Plus 20V Li-Ion Quick Charger Box Rear View

XFinity Plus 20V Li-Ion Quick Charger Box Rear View

XFinity Plus 20V Li-Ion Quick Charger In Plastic Bag

XFinity Plus 20V Li-Ion Quick Charger In Plastic Bag

XFinity Plus 20V Li-Ion Quick Charger Manual In Plastic Bag

XFinity Plus 20V Li-Ion Quick Charger Manual In Plastic Bag

XFinity Plus 20V Li-Ion Quick Charger Top View

XFinity Plus 20V Li-Ion Quick Charger Top View

XFinity Plus 20V Li-Ion Quick Charger Bottom View

XFinity Plus 20V Li-Ion Quick Charger Bottom View

When power is applied the green LED is lit.

XFinity Plus 20V Li-Ion Quick Charger With Green LED Lit

XFinity Plus 20V Li-Ion Quick Charger With Green LED Lit

When a battery is charging the red LED flashes. When charging is complete the red LED stays lit and does not flash (one must remove the battery when the red LED is steady according to the manual).

XFinity Plus 20V Li-Ion Quick Charger With Red LED Flashing During Battery Charge

XFinity Plus 20V Li-Ion Quick Charger With Red LED Flashing During Battery Charge


Cordless Hammer Drill

The cordless hammer drill is titled “WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill”.

According to the box the technical specs are:

  • voltage: 20Vd.c.
  • no load speed: 0-380/0-1400/min
  • torque setting: 21
  • maximum torque: 28Nm
  • chuck diameter: 13mm
  • LED worklight: yes

The model is PT160103, version number 0001, product code is 56226, and the date is listed as 04/2017. After sales support line is given to be 1300 777 137 with an e-mail of service@actionspares.com.au.

Contents are listed as:

  • 1 x Hammer drill
  • 1 x Belt hook
  • 1 x Double ended bit
  • 1 x Auxiliary handle
  • 1 x Instruction manual
  • 1 x Warranty certificate

The box states “made in China”.

The following is the view of the box from different angles:

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Top View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Top View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Left View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Left View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Right View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Right View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Opened

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Box Opened

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Right View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Right View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Bottom View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill Bottom View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill With Battery Pack

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Hammer Drill With Battery Pack

According to the manual there are 3 function types:

  • (icon of drill bit) regular drilling setting for drilling wood, plastic, metal
  • (icon of hammer) hammer drilling setting for hammer drilling masonry
  • (triangular-ish icon) driving setting for tightening or loosening screws

The torque setting is from 1 to 21, 1 being the lowest torque, 21 being the highest.

The speed setting on top of the drill is 1 (slow/low) or 2 (fast/high). High speed has less torque.

The product claims to adhere to technical standards AS/NZS 60745.1, 60745.2.1, and 60745.2.2.

The drill has considerable “whine” – a high pitch tone that changes in pitch depending on how far in the trigger is pulled.

Sadly the first drill I bought failed to observe any of the torque settings (it would drive regardless of how tight it became). I took it back and replaced it with another that now correctly observes the torque setting.

Impact Driver

The impact driver is titled “WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver”.

The technical specifications on the box are:

  • input: 20Vd.c.
  • chuck size: 6.35mm Hex
  • no load speed: 0-2,300/min
  • impact rate: 0-3,200bpm
  • max torque: 140Nm

The following is the view of the box from different angles:

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Top View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Top View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Left View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Left View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Right View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Right View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Bottom View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Bottom View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Open View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Box Open View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Front View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Rear View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Right View

WorkZone Titanium+ XFinity Li-Ion 20V Cordless Impact Driver Right View


ZFS Grub Issues on Boot

I had a problem when attempting to boot into my ZFS root and landed in initramfs rescue prompt.

Using advice from this article:

Command: zpool import -N
Message: cannot import '': no such pool available
Error: 1

Manually import the root pool at the command prompt and then exit.
Hint: Try:  zpool import -f -R / -N


BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs) zpool import -f -R / -N rpool
(initramfs) exit

Begin: Setting mountpoint=/ on ZFS filesystem  ... done
Begin: Mounting ZFS filesystem  ... done
Command: mount -t zfs -o zfsutil  /root
Message: filesystem '' cannot be mounted, unable to open the dataset
mount: mounting  on /root failed: No such file or directory
Error: 1

Manually mount the root filesystem on /root and then exit.


BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) build-in shell (ash)
Enter 'help' for a list of built-in commands

(initramfs)

To fix this issue I ran:

(initramfs) zpool import -R /root rpool
(initramfs) exit

Unfortunately there is a known bug in Ubuntu 16.04.1 grub-probe command which states “error: unknown filesystem” when running update-grub.

The work-around is to update /etc/default/grub and add:

GRUB_CMDLINE_LINUX_DEFAULT="boot=zfs root=ZFS=rpool/ROOT"

This results in the grub menu specifying the root parameter twice on the kernel boot line in /etc/grub/grub.cfg but the second one takes precedence.

Monitor No Signal on Xubuntu 16.04.1

My Dell server seemed to stop outputting to the monitor on the VGA cable. No signal, the monitor said. It was blank, it was black, it was powered off. I tried unplugging the cable and plugging it back in, no joy.

I tried pressing ctrl-alt-1 to switch to the text console, and the screen came alive, but all I could see was a flashing underline of a cursor in the upper left-hand corner, no login prompt. Same thing for ctrl-alt-2. Tried ctrl-alt-7 to get back to graphics mode and the monitor turned off again.

The following repaired the issue for me without having to reboot, but it did kill my GUI session and all open windows:

sudo /etc/init.d/lightdm restart

My monitor came back alive and I found myself at the GUI XFCE login prompt.

Checking SSL Certificate Expiry on Remote Server using PowerShell

Overview

There are a number of approaches to take to get the expiry time of the SSL certificate on a remote server using PowerShell. This tutorial will be conducted using PowerShell 2.0 and .NET 3.5 for maximum compatibility (as there are some organisations out there still using Microsoft Windows 2003).

The Simple Way

If you’re reasonably assured your remote server exists and you have connectivity to it then you can write a simple script to:

  • make a TCP connection to the SSL port of the host you wish to check
  • obtain a SSL stream from the TCP connection
  • SSL authenticate as a client
  • obtain the X509 certificate of the remote server from the SSL stream
  • obtain the NotAfter field from the X509 certificate

That script is as follows:

Set-StrictMode -Version 2.0

#Requires -Version 2.0

$HostName = "www.google.com"
$Port = 443

# get TCP connection
[System.Net.Sockets.TcpClient]$TcpClient = $null
$TcpClient = New-Object "System.Net.Sockets.TcpClient"
try {
    $TcpClient.Connect( [System.String]$HostName, [System.Int32]$Port )
} catch {
    Throw "TCP connection error: $_"
}

# get SSL stream from TCP connection
[System.Net.Security.SslStream]$SslStream = $null
$SslStream = $TcpClient.GetStream()

# authenticate SSL stream
try {
    $SslStream.AuthenticateAsClient( $HostName )
} catch {
    Throw "Failed to authenticate SSL stream: $_"
}

# get X509 certificate
[System.Security.Cryptography.X509Certificates.X509Certificate]$cert = $null
$cert = $SslStream.RemoteCertificate

# get X509 certificate with extra properties
[System.Security.Cryptography.X509Certificates.X509Certificate2]$cer2 = $null
$cer2 = New-Object "System.Security.Cryptography.X509Certificates.X509Certificate2" -ArgumentList $cert

# output expiry
$cer2.NotAfter

# close stream and connection
$SslStream.Close()
$TcpClient.Close()

Implementing Timeouts

The fact is that some operations will take a long time when things go wrong. In the code above there are two moments things can block for a long time: making a TCP connection (if the remote end is not responding or the firewall is consuming network traffic), and authenticating the SSL stream (when, for example, the connected service is not SSL and doesn’t response to the authentication process).

In PowerShell we can use the Begin/End form of operations and wait up to a specified number of milliseconds (time) before we give up. The code to do that follows:


Set-StrictMode -Version 2.0

#Requires -Version 2.0

$HostName = "www.google.com"
$Port = 443

# get TCP connection
[System.Net.Sockets.TcpClient]$TcpClient = $null
$TcpClient = New-Object "System.Net.Sockets.TcpClient"
[System.IAsyncResult]$IAsyncResult = $TcpClient.BeginConnect(
    [String]$HostName,
    [System.Int32]$Port,
    $null, # AsyncCallback
    $null # user-defined Object
)

[System.Threading.ManualResetEvent]$AsyncWaitHandle = $null
$AsyncWaitHandle = $IAsyncResult.AsyncWaitHandle

[System.Boolean]$Wait = $AsyncWaitHandle.WaitOne( 5000 ) # 5s timeout

if ( $Wait ) {
    # object was signalled, i.e. connect finished or errored
    try {
        $TcpClient.EndConnect( $IAsyncResult )
        if ( -not $TcpClient.Connected ) {
            Throw "TCP connection not connected!"
        }
    } catch {
        Throw "TCP connection error: $_"
    }
} else {
    # timeout
    $TcpClient.Close() # can't wait for EndConnect, so destroy client
    Throw "TCP connection TIMEOUT"
}

# get SSL stream from TCP connection
[System.Net.Security.SslStream]$SslStream = $null
$SslStream = $TcpClient.GetStream()

# authenticate SSL stream
[System.IAsyncResult]$IAsyncResult = $SslStream.BeginAuthenticateAsClient(
    [String]$HostName,
    $null, # AsyncCallback
    $null # user-defined Object
)

[System.Threading.ManualResetEvent]$AsyncWaitHandle = $null
$AsyncWaitHandle = $IAsyncResult.AsyncWaitHandle

[System.Boolean]$Wait = $AsyncWaitHandle.WaitOne( 5000 ) # 5s timeout

if ( $Wait ) {
    # object was signalled, i.e. authenticate finished or errored
    try {
        $SslStream.EndAuthenticateAsClient( $IAsyncResult )
    } catch {
        Throw "SSL authentication error: $_"
    }
} else {
    # timeout
    $SslStream.Close() # can't wait for authenticate, so destroy stream
    $TcpClient.Close() # close TCP connection
    Throw "SSL authentication TIMEOUT"
}

# get X509 certificate
[System.Security.Cryptography.X509Certificates.X509Certificate]$cert = $null
$cert = $SslStream.RemoteCertificate

# get X509 certificate with extra properties
[System.Security.Cryptography.X509Certificates.X509Certificate2]$cer2 = $null
$cer2 = New-Object "System.Security.Cryptography.X509Certificates.X509Certificate2" -ArgumentList $cert

# output expiry
$cer2.NotAfter

# close stream and connection
$SslStream.Close()
$TcpClient.Close()

Not Requiring Validation of SSL Certification

So, you want to check a SSL certificate’s expiry date, and you don’t really care what the name is on the remote server certificate. You will be getting validation errors by now, like the following:

Exception calling "AuthenticateAsClient" with "1" argument(s): "The remote certificate is invalid according to the validation procedure."

You replace the following lines of code:

# get SSL stream from TCP connection
[System.Net.Security.SslStream]$SslStream = $null
$SslStream = $TcpClient.GetStream()

with:

# get SSL stream from TCP connection
[System.Net.Security.SslStream]$SslStream = $null
$SslStream = New-Object System.Net.Security.SslStream(
    $TcpClient.GetStream(),
    $True,
    [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
)

This works fine on the first code example given above without timeouts.

But for the asynchronous code with timeouts this attempt to bypass certificate validation gives the error:

SSL authentication error: Exception calling "EndAuthenticateAsClient" with "1" argument(s): "There is no Runspace available to run scripts in this thread. You can provide one in the DefaultRunspace property of the System.Management.Automation.Runspaces.Runspace type. The script block you attempted to invoke was:  $true "

Okay things are quickly becoming rather tricky rather fast. The issue has been explained elsewhere as:

Asynchronous callback delegates are not a friend to PowerShell. They are serviced by the .NET threadpool which means that if they point to script blocks, there will be no Runspace available to execute them. Runspaces are thread-local resources in the PowerShell threadpool. The .NET threadpool, operating independently, is not too interested in coordinating callbacks with PowerShell. So what do we do?

We’re basically forced to drop into C#/.NET world whether we like it or not. So we might as well provide our own simple class that creates the appropriate callback function.

Add-Type @'
public class MyNoValidate {
  private static System.Boolean bypassvalidation(
    System.Object sender,
    System.Security.Cryptography.X509Certificates.X509Certificate certificate,
    System.Security.Cryptography.X509Certificates.X509Chain chain,
    System.Net.Security.SslPolicyErrors sslPolicyErrors
  ) {
    return true;
  }

  public static System.Net.Security.RemoteCertificateValidationCallback getcallback() {
    System.Net.Security.RemoteCertificateValidationCallback cb;

    cb = new System.Net.Security.RemoteCertificateValidationCallback(
      bypassvalidation
    );

    return cb;
  }
}
'@

and then:

# get SSL stream from TCP connection
[System.Net.Security.SslStream]$SslStream = $null
[System.Net.Security.RemoteCertificateValidationCallback]$Callback = $null
$Callback = [MyNoValidate]::getcallback()
$SslStream = New-Object System.Net.Security.SslStream(
    $TcpClient.GetStream(),
    $True,
    $Callback
)

Now you can get your SSL certificate without having to know the name on the certificate first – with timeouts, too!

Final Note

When getting the expiry time of a SSL certificate please avoid (don’t use) the System.Security.Cryptography.X509Certificates.X509Certificate2.GetExpirationDateString() method! You cannot be sure what you’re getting – whether the date is in USA format or the rest of the world format, or local or UTC time. Much, much better to use the System.Security.Cryptography.X509Certificates.X509Certificate2.NotAfter property of type System.DateTime.