-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy paths_verify_imap
executable file
·36 lines (31 loc) · 1.02 KB
/
s_verify_imap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#! /bin/sh
# s_verify_imap (Bourne shell script) -- Connects to an IMAP server, invokes STARTTLS and verifies the X.509 certificate
#
# Version: 1.2
# Copyright: (c) 2019 Alastair Irvine <[email protected]>
# Keywords: openssl, SSL, TLS, secure certificate
# Licence: This file is released under the GNU General Public License v2
#
# Uses "Server Name Indication" (SNI) with TLS
# Note: Verifies the chain but won't actually compare the CN of the returned
# cert agains the server name
SELF=$(basename "$0")
if [ "$1" = -P ] ; then
PORT=$2
shift
shift
fi
if [ $# -lt 1 -o $# -gt 3 ] ; then
echo "Usage: $SELF [ -P <port> ] <servername> [ <sitename> ] [ <opts> ]" >&2
exit 1
fi
if [ -z "$SSL_PATH" ] ; then
if [ -d /etc/pki/tls ] ; then
SSL_PATH=/etc/pki/tls
else
SSL_PATH=/etc/ssl
fi
fi
openssl s_client -connect $1:${PORT-143} -starttls imap -servername ${2:-$1} ${3:--no_ssl3} -verify 20 -CApath $SSL_PATH/certs/ < /dev/null |
sed "/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/d" |
${PAGER:-less}