From d7305e12d9f348975eb0f1a29be3b9f9999d76d3 Mon Sep 17 00:00:00 2001
From: Behnam Lal
Date: Sun, 29 Sep 2024 14:35:11 +0200
Subject: [PATCH] mbsync-get-cert: add support for STARTTLS

nowadays, many servers offer STARTTLS on the default IMAP port 143 instead of (or in addition to) the traditional IMAP over SSL/TLS (IMAPS) on port 993. this patch has been fixed up somewhat by the maintainer.
---
 mbsync-get-cert | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/mbsync-get-cert b/mbsync-get-cert
index 19e1485..d8f194a 100755
--- a/mbsync-get-cert
+++ b/mbsync-get-cert
@@ -9,9 +9,25 @@
 # from a trusted source.
 #
 
-if [ $# != 1 ]; then
- echo "Usage: $0 " >&2
+usage() {
+ echo "Usage: $0 [-s] " >&2
+ echo " -s Use IMAP+STARTTLS (port 143) instead of IMAPS (port 993)" >&2
 exit 1
+}
+
+STARTTLS=false
+
+while getopts "s" opt; do
+ case $opt in
+ s) STARTTLS=true ;;
+ *) usage ;;
+ esac
+done
+
+shift `expr $OPTIND - 1`
+
+if [ $# -ne 1 ]; then
+ usage
 fi
 
 HOST=$1
@@ -33,7 +49,15 @@ TMPFILE=$TMPDIR/get-cert
 ERRFILE=$TMPDIR/get-cert-err
 CERTFILE=$TMPDIR/cert
 
-echo QUIT | openssl s_client -connect $HOST:993 -showcerts \
+if $STARTTLS; then
+ FLAGS="-starttls imap"
+ PORT=143
+else
+ FLAGS=
+ PORT=993
+fi
+
+echo QUIT | openssl s_client $FLAGS -connect $HOST:$PORT -showcerts \
 > $TMPFILE 2> $ERRFILE
 sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
 -e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE
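Review bot: The shift after the getopts loop gets its count by running expr inside backticks, which forks an external command for arithmetic the shell does itself; `shift $((OPTIND - 1))` is the POSIX form and cannot fail on a missing or odd expr. The `STARTTLS` variable is later executed as a command (`if $STARTTLS`), so a short comment above `STARTTLS=false` would help, for example `# executed as a command below; must only ever be "true" or "false"`. The script continues past `HOST=$1` outside this hunk, so whether backticks are the file's established style cannot be seen from here.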
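Review bot: In the rewritten s_client call, `$HOST` is still expanded unquoted, so a host argument containing whitespace is split into extra words that openssl parses as its own options. `-connect "$HOST:$PORT"` keeps it a single argument, while `$FLAGS` has to stay unquoted because it relies on word splitting and may be empty. The redirect targets `$TMPFILE`, `$ERRFILE` and `$CERTFILE` would be safer quoted for the same reason. As far as this hunk shows, the certificate fetched with `-s` is no more authenticated than the one from port 993, and the STARTTLS upgrade is negotiated in plaintext first. A comment above the `if $STARTTLS` block, such as `# the returned certificate is unverified in both modes; compare its fingerprint out of band`, would carry the header's "trusted source" caveat over to the new path.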