mbsync-get-cert 1.2 KB

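#!/bin/sh
#
# SPDX-FileCopyrightText: 2003 Theodore Ts'o <tytso@alum.mit.edu>
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This script will extract the necessary certificate from the IMAP server
# It assumes that an attacker isn't trying to spoof you when you connect
# to the IMAP server! You're better off downloading the certificate
# from a trusted source.
#
# Usage: mbsync-get-cert <host>
#
# Connects to <host>:993 with "openssl s_client -showcerts" and prints the
# first certificate in that output, PEM-encoded, on stdout.
#
# Nothing here authenticates the result: s_client does not abort on a
# verification failure by default, and this script never inspects the
# verification result.  Treat the output as trust-on-first-use material and
# compare its fingerprint (e.g. "openssl x509 -noout -fingerprint -sha256")
# with a value obtained out of band before pinning it.
#
# Exit status: 0 if a certificate was printed, 1 on usage error, on failure
# to create the scratch directory, or when no certificate could be extracted
# (openssl's stderr is then relayed on stderr, so a redirected stdout never
# ends up holding an error message in place of a certificate).
#
if [ $# -ne 1 ]; then
  echo "Usage: $0 <host>" >&2
  exit 1
fi
HOST=$1

# Scratch directory under /tmp.  The candidate name is guessable (PID plus a
# time-seeded LCG), so safety rests on mkdir itself: it fails when the path
# already exists, in which case the next candidate is tried.  -m 700 keeps
# the directory private whatever the caller's umask is.  A lower-case name
# is used so the environment's TMPDIR is not overwritten for child processes.
seed=$(date '+%s')
try=0
while :; do
  workdir=/tmp/get-cert.$$.$seed
  mkdir -m 700 "$workdir" 2> /dev/null && break
  if [ "$try" -eq 1000 ]; then
    echo "Cannot create temporary directory." >&2
    exit 1
  fi
  try=$((try + 1))
  seed=$(( (seed * 1103515245 + 12345) % 2147483648 ))
done

# Remove the scratch directory on every exit path; the signal trap turns an
# interrupt into a normal exit so that the EXIT trap still runs.
trap 'rm -rf -- "${workdir:?}"' EXIT
trap 'exit 1' HUP INT TERM

tmpfile=$workdir/get-cert
errfile=$workdir/get-cert-err
certfile=$workdir/cert

# "$HOST:993" is quoted so that whitespace in the argument cannot split into
# additional openssl options.
echo QUIT | openssl s_client -connect "$HOST:993" -showcerts \
  > "$tmpfile" 2> "$errfile"

# Keep only the base64 body of the first certificate: drop everything up to
# and including the first BEGIN line, then everything from the first END line.
sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
  -e '/^-----END CERTIFICATE-----/,$d' < "$tmpfile" > "$certfile"

if [ -s "$certfile" ]; then
  printf '%s\n' '-----BEGIN CERTIFICATE-----'
  cat "$certfile"
  printf '%s\n' '-----END CERTIFICATE-----'
else
  echo "Couldn't retrieve certificate. openssl reported the following errors:" >&2
  cat "$errfile" >&2
  exit 1
fi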