#!/bin/sh # # SPDX-FileCopyrightText: 2003 Theodore Ts'o # SPDX-License-Identifier: GPL-2.0-or-later # # This script will extract the necessary certificate from the IMAP server # It assumes that an attacker isn't trying to spoof you when you connect # to the IMAP server! You're better off downloading the certificate # from a trusted source. # usage() { echo "Usage: $0 [-s] " >&2 echo " -s Use IMAP+STARTTLS (port 143) instead of IMAPS (port 993)" >&2 exit 1 } STARTTLS=false while getopts "s" opt; do case $opt in s) STARTTLS=true ;; *) usage ;; esac done shift `expr $OPTIND - 1` if [ $# -ne 1 ]; then usage fi HOST=$1 seed=`date '+%s'` try=0 while :; do TMPDIR=/tmp/get-cert.$$.$seed mkdir $TMPDIR 2> /dev/null && break if [ $try = 1000 ]; then echo "Cannot create temporary directory." >&2 exit 1 fi try=`expr $try + 1` seed=`expr \( \( $seed \* 1103515245 \) + 12345 \) % 2147483648` done TMPFILE=$TMPDIR/get-cert ERRFILE=$TMPDIR/get-cert-err CERTFILE=$TMPDIR/cert if $STARTTLS; then FLAGS="-starttls imap" PORT=143 else FLAGS= PORT=993 fi echo QUIT | openssl s_client $FLAGS -connect $HOST:$PORT -showcerts \ > $TMPFILE 2> $ERRFILE sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \ -e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE if test -s $CERTFILE ; then echo -----BEGIN CERTIFICATE----- cat $CERTFILE echo -----END CERTIFICATE----- else echo "Couldn't retrieve certificate. openssl reported the following errors:" cat $ERRFILE fi rm -r $TMPDIR