#!/bin/sh
#
# This script will extract the necessary certificate from the IMAP server
# It assumes that an attacker isn't trying to spoof you when you connect
# to the IMAP server!  You're better off downloading the certificate
# from a trusted source.
#
# Copyright (C) 2003 Theodore Ts'o <tytso@alum.mit.edu>
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#

HOST=$1
TMPFILE=/tmp/get-cert.$$
ERRFILE=/tmp/get-cert-err.$$
CERTFILE=/tmp/cert.$$

echo QUIT | openssl s_client -connect $HOST:993 -showcerts \
	> $TMPFILE 2> $ERRFILE
sed -e '1,/^-----BEGIN CERTIFICATE-----/d' \
	-e '/^-----END CERTIFICATE-----/,$d' < $TMPFILE > $CERTFILE

if test -s $CERTFILE ; then
	echo -----BEGIN CERTIFICATE-----
	cat $CERTFILE
	echo -----END CERTIFICATE-----
else
	echo "Couldn't retrieve certificate.  Openssl reported the following errors"
	cat $ERRFILE
fi
/bin/rm -f $TMPFILE $ERRFILE $CERTFILE