summaryrefslogtreecommitdiff
path: root/get-cert
diff options
context:
space:
mode:
Diffstat (limited to 'get-cert')
-rwxr-xr-xget-cert62
1 files changed, 62 insertions, 0 deletions
diff --git a/get-cert b/get-cert
new file mode 100755
index 0000000..a7d10fb
--- /dev/null
+++ b/get-cert
@@ -0,0 +1,62 @@
+#!/bin/sh
+#
+# This script will extract the necessary certificate from the IMAP server
+# It assumes that an attacker isn't trying to spoof you when you connect
+# to the IMAP server! You're better off downloading the certificate
+# from a trusted source.
+#
+# Copyright (C) 2003 Theodore Ts'o <tytso@alum.mit.edu>
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+#
+
+if [ $# != 1 ]; then
+ echo "Usage: $0 <host>" >&2
+ exit 1
+fi
+
+HOST=$1
+
+seed=`date '+%s'`
+try=0
+while :; do
+ TMPDIR=/tmp/get-cert.$$.$seed
+ mkdir $TMPDIR 2> /dev/null && break
+ if [ $try = 1000 ]; then
+ echo "Cannot create temporary directory." >&2
+ exit 1
+ fi
+ try=`expr $try + 1`
+ seed=`expr \( \( $seed \* 1103515245 \) + 12345 \) % 2147483648`
+done
+
+TMPFILE=$TMPDIR/get-cert
+ERRFILE=$TMPDIR/get-cert-err
+CERTFILE=$TMPDIR/cert
+
+echo QUIT | openssl s_client -connect $HOST:993 -showcerts \
+ > $TMPFILE 2> $ERRFILE
+sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
+ -e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE
+
+if test -s $CERTFILE ; then
+ echo -----BEGIN CERTIFICATE-----
+ cat $CERTFILE
+ echo -----END CERTIFICATE-----
+else
+ echo "Couldn't retrieve certificate. openssl reported the following errors:"
+ cat $ERRFILE
+fi
+
+rm -r $TMPDIR