1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
#!/bin/sh
#
# SPDX-FileCopyrightText: 2003 Theodore Ts'o <tytso@alum.mit.edu>
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This script will extract the necessary certificate from the IMAP server
# It assumes that an attacker isn't trying to spoof you when you connect
# to the IMAP server! You're better off downloading the certificate
# from a trusted source.
#
usage() {
echo "Usage: $0 [-s] <host>" >&2
echo " -s Use IMAP+STARTTLS (port 143) instead of IMAPS (port 993)" >&2
exit 1
}
STARTTLS=false
while getopts "s" opt; do
case $opt in
s) STARTTLS=true ;;
*) usage ;;
esac
done
shift `expr $OPTIND - 1`
if [ $# -ne 1 ]; then
usage
fi
HOST=$1
seed=`date '+%s'`
try=0
while :; do
TMPDIR=/tmp/get-cert.$$.$seed
mkdir $TMPDIR 2> /dev/null && break
if [ $try = 1000 ]; then
echo "Cannot create temporary directory." >&2
exit 1
fi
try=`expr $try + 1`
seed=`expr \( \( $seed \* 1103515245 \) + 12345 \) % 2147483648`
done
TMPFILE=$TMPDIR/get-cert
ERRFILE=$TMPDIR/get-cert-err
CERTFILE=$TMPDIR/cert
if $STARTTLS; then
FLAGS="-starttls imap"
PORT=143
else
FLAGS=
PORT=993
fi
echo QUIT | openssl s_client $FLAGS -connect $HOST:$PORT -showcerts \
> $TMPFILE 2> $ERRFILE
sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
-e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE
if test -s $CERTFILE ; then
echo -----BEGIN CERTIFICATE-----
cat $CERTFILE
echo -----END CERTIFICATE-----
else
echo "Couldn't retrieve certificate. openssl reported the following errors:"
cat $ERRFILE
fi
rm -r $TMPDIR
|
