compile and run!
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

74 lines
1.5 KiB

#!/bin/sh
#
# SPDX-FileCopyrightText: 2003 Theodore Ts'o <tytso@alum.mit.edu>
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This script will extract the necessary certificate from the IMAP server
# It assumes that an attacker isn't trying to spoof you when you connect
# to the IMAP server! You're better off downloading the certificate
# from a trusted source.
#
usage() {
echo "Usage: $0 [-s] <host>" >&2
echo " -s Use IMAP+STARTTLS (port 143) instead of IMAPS (port 993)" >&2
exit 1
}
STARTTLS=false
while getopts "s" opt; do
case $opt in
s) STARTTLS=true ;;
*) usage ;;
esac
done
shift `expr $OPTIND - 1`
if [ $# -ne 1 ]; then
usage
fi
HOST=$1
seed=`date '+%s'`
try=0
while :; do
TMPDIR=/tmp/get-cert.$$.$seed
mkdir $TMPDIR 2> /dev/null && break
if [ $try = 1000 ]; then
echo "Cannot create temporary directory." >&2
exit 1
fi
try=`expr $try + 1`
seed=`expr \( \( $seed \* 1103515245 \) + 12345 \) % 2147483648`
done
TMPFILE=$TMPDIR/get-cert
ERRFILE=$TMPDIR/get-cert-err
CERTFILE=$TMPDIR/cert
if $STARTTLS; then
FLAGS="-starttls imap"
PORT=143
else
FLAGS=
PORT=993
fi
echo QUIT | openssl s_client $FLAGS -connect $HOST:$PORT -showcerts \
> $TMPFILE 2> $ERRFILE
sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
-e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE
if test -s $CERTFILE ; then
echo -----BEGIN CERTIFICATE-----
cat $CERTFILE
echo -----END CERTIFICATE-----
else
echo "Couldn't retrieve certificate. openssl reported the following errors:"
cat $ERRFILE
fi
rm -r $TMPDIR