diff options
| -rwxr-xr-x | get-cert | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/get-cert b/get-cert new file mode 100755 index 0000000..a7d10fb --- /dev/null +++ b/get-cert @@ -0,0 +1,62 @@ +#!/bin/sh +# +# This script will extract the necessary certificate from the IMAP server +# It assumes that an attacker isn't trying to spoof you when you connect +# to the IMAP server! You're better off downloading the certificate +# from a trusted source. +# +# Copyright (C) 2003 Theodore Ts'o <tytso@alum.mit.edu> +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +# + +if [ $# != 1 ]; then + echo "Usage: $0 <host>" >&2 + exit 1 +fi + +HOST=$1 + +seed=`date '+%s'` +try=0 +while :; do + TMPDIR=/tmp/get-cert.$$.$seed + mkdir $TMPDIR 2> /dev/null && break + if [ $try = 1000 ]; then + echo "Cannot create temporary directory." >&2 + exit 1 + fi + try=`expr $try + 1` + seed=`expr \( \( $seed \* 1103515245 \) + 12345 \) % 2147483648` +done + +TMPFILE=$TMPDIR/get-cert +ERRFILE=$TMPDIR/get-cert-err +CERTFILE=$TMPDIR/cert + +echo QUIT | openssl s_client -connect $HOST:993 -showcerts \ + > $TMPFILE 2> $ERRFILE +sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \ + -e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE + +if test -s $CERTFILE ; then + echo -----BEGIN CERTIFICATE----- + cat $CERTFILE + echo -----END CERTIFICATE----- +else + echo "Couldn't retrieve certificate. openssl reported the following errors:" + cat $ERRFILE +fi + +rm -r $TMPDIR |