get-cert 1.8 KB

  1. #!/bin/sh
  2. #
  3. # This script will extract the necessary certificate from the IMAP server
  4. # It assumes that an attacker isn't trying to spoof you when you connect
  5. # to the IMAP server! You're better off downloading the certificate
  6. # from a trusted source.
  7. #
  8. # Copyright (C) 2003 Theodore Ts'o <tytso@alum.mit.edu>
  9. # This program is free software; you can redistribute it and/or modify
  10. # it under the terms of the GNU General Public License as published by
  11. # the Free Software Foundation; either version 2 of the License, or
  12. # (at your option) any later version.
  13. #
  14. # This program is distributed in the hope that it will be useful,
  15. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. # GNU General Public License for more details.
  18. #
  19. # You should have received a copy of the GNU General Public License
  20. # along with this program; if not, write to the Free Software Foundation,
  21. # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  22. #
  # Exactly one argument is accepted: the host name of the IMAP server.
  # Any other argument count prints the usage line on stderr and exits 1.
  case $# in
    1) ;;
    *)
      echo "Usage: $0 <host>" >&2
      exit 1
      ;;
  esac
  HOST=$1
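  # Create a private scratch directory under /tmp and leave its path in TMPDIR.
  #
  # mktemp -d picks an unpredictable name and creates the directory with
  # mode 0700. Where mktemp is missing or fails, fall back to a mkdir loop:
  # the name there is guessable (PID plus a seed), but mkdir fails if the path
  # already exists, so a pre-planted entry is never reused, and the umask
  # keeps the new directory private to the invoking user.
  TMPDIR=$(mktemp -d /tmp/get-cert.XXXXXX 2> /dev/null) || TMPDIR=
  if [ -z "$TMPDIR" ] || [ ! -d "$TMPDIR" ]; then
    seed=$(date '+%s')
    try=0
    while :; do
      TMPDIR=/tmp/get-cert.$$.$seed
      (umask 077 && mkdir "$TMPDIR") 2> /dev/null && break
      if [ "$try" -ge 1000 ]; then
        echo "Cannot create temporary directory." >&2
        exit 1
      fi
      try=$((try + 1))
      # Linear congruential step so each retry uses a different suffix.
      seed=$(( (seed * 1103515245 + 12345) % 2147483648 ))
    done
  fi
  # Remove the scratch directory on every exit path. Some /bin/sh
  # implementations only run the EXIT trap on a signal if the signal
  # handler itself calls exit, hence the second trap.
  trap 'rm -rf -- "${TMPDIR:?}"' EXIT
  trap 'exit 1' HUP INT TERM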
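  # Scratch files, all inside the temporary directory.
  TMPFILE=$TMPDIR/get-cert      # raw s_client output
  ERRFILE=$TMPDIR/get-cert-err  # s_client diagnostics
  CERTFILE=$TMPDIR/cert         # base64 body of the extracted certificate

  # Connect to the IMAPS port and capture what the server presents.
  # HOST is quoted so a value containing whitespace cannot be split into
  # additional openssl arguments.
  #
  # NOTE(review): s_client does not abort on a failed chain verification
  # unless asked to, so this records whatever certificate the peer sends.
  # Compare the result's fingerprint with one obtained out of band before
  # installing it as trusted.
  echo QUIT | openssl s_client -connect "$HOST:993" -showcerts \
    > "$TMPFILE" 2> "$ERRFILE"

  # Keep only the lines between the first BEGIN and the first END marker,
  # i.e. the first certificate printed by -showcerts.
  sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
    -e '/^-----END CERTIFICATE-----/,$d' < "$TMPFILE" > "$CERTFILE"

  if test -s "$CERTFILE"; then
    printf '%s\n' '-----BEGIN CERTIFICATE-----'
    cat "$CERTFILE"
    printf '%s\n' '-----END CERTIFICATE-----'
    status=0
  else
    # Diagnostics go to stderr and the exit status is non-zero, so that
    # "get-cert host > cert.pem" cannot silently store an error message
    # in place of a certificate.
    echo "Couldn't retrieve certificate. openssl reported the following errors:" >&2
    cat "$ERRFILE" >&2
    status=1
  fi
  rm -rf -- "${TMPDIR:?}"
  exit "$status"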