| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- #!/bin/sh
- #
- # SPDX-FileCopyrightText: 2003 Theodore Ts'o <tytso@alum.mit.edu>
- # SPDX-License-Identifier: GPL-2.0-or-later
- #
- # This script will extract the necessary certificate from the IMAP server
- # It assumes that an attacker isn't trying to spoof you when you connect
- # to the IMAP server! You're better off downloading the certificate
- # from a trusted source.
- #
- if [ $# != 1 ]; then
- echo "Usage: $0 <host>" >&2
- exit 1
- fi
- HOST=$1
- seed=`date '+%s'`
- try=0
- while :; do
- TMPDIR=/tmp/get-cert.$$.$seed
- mkdir $TMPDIR 2> /dev/null && break
- if [ $try = 1000 ]; then
- echo "Cannot create temporary directory." >&2
- exit 1
- fi
- try=`expr $try + 1`
- seed=`expr \( \( $seed \* 1103515245 \) + 12345 \) % 2147483648`
- done
- TMPFILE=$TMPDIR/get-cert
- ERRFILE=$TMPDIR/get-cert-err
- CERTFILE=$TMPDIR/cert
- echo QUIT | openssl s_client -connect $HOST:993 -showcerts \
- > $TMPFILE 2> $ERRFILE
- sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
- -e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE
- if test -s $CERTFILE ; then
- echo -----BEGIN CERTIFICATE-----
- cat $CERTFILE
- echo -----END CERTIFICATE-----
- else
- echo "Couldn't retrieve certificate. openssl reported the following errors:"
- cat $ERRFILE
- fi
- rm -r $TMPDIR
|
