
Untitled

a guest Aug 23rd, 2019 460 Never
  1. #!/bin/bash
  2.  
  3. # This script pulls SSL certs for using Gmail SMTP. Adapted from the following config explanation:
  4. # https://serverfault.com/questions/498588/smtp-gmail-com-from-bash-gives-error-in-certificate-peers-certificate-issuer
  5.  
  # Directory handed to certutil (-d) as the certificate database location;
  # it is created further down if it does not exist yet.
  certdirectory='/home/user/.certs'
  7.  
  8. # Functions
  9.  
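  #######################################
  # Print a failure message and terminate the script.
  # Arguments: $@ - words of the message, joined with single spaces
  # Outputs:   "FAILED[code=N]: <message>" on stderr, so the diagnostic does
  #            not mix with data written to stdout
  # Exits:     with the status of the command that ran immediately before
  #            fail was called, or 1 when that status was 0
  #######################################
  fail() {
    # Must stay the first statement: any earlier command would overwrite $?.
    local ec=$?
    if [[ "$ec" -eq 0 ]]; then
      ec=1
    fi
    # %b keeps the backslash-escape handling the message had under `echo -e`.
    printf '%b\n' "FAILED[code=${ec}]: $*" >&2
    exit "$ec"
  }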
  16.  
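  #######################################
  # Remove the scratch files this script writes into the current directory
  # (everything matching allgcert* and gcert*).
  # Outputs:   a warning on stderr when rm reports an error
  # Returns:   0 when the files are gone (or were never there), 1 otherwise
  #######################################
  cleanup() {
    local rc=0
    # -f: a pattern that matches nothing is not an error, so cleanup can run
    #     before any scratch file exists.
    # --: file names can never be parsed as rm options.
    # The warning is printed with printf because the script as shown defines
    # no warn helper to call.
    if ! rm -f -- allgcert*; then
      printf 'WARNING: %s\n' "Cleanup of files errored" >&2
      rc=1
    fi
    if ! rm -f -- gcert*; then
      printf 'WARNING: %s\n' "Cleanup of files errored" >&2
      rc=1
    fi
    return "$rc"
  }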
  21.  
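  #######################################
  # Remove the scratch files, then abort the script with a failure message.
  # Arguments: $@ - words of the message, passed through to fail
  # Exits:     via fail, with the status of the command that ran immediately
  #            before failclean was called (1 when that status was 0)
  #######################################
  failclean() {
    # Capture the failing status first; cleanup would otherwise replace it and
    # fail would report cleanup's result instead of the real error.
    local ec=$?
    cleanup
    if (( ec == 0 )); then
      ec=1
    fi
    # fail reads $? on entry, so hand the saved status back to it this way.
    ( exit "$ec" ) || fail "$@"
  }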
  26.  
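  # Fetch the certificate chain that smtp.gmail.com presents and import every
  # certificate in it into the NSS database under $certdirectory.
  #
  # Security notes:
  #  - Everything imported below is marked as a trusted CA ("TC,,"), so the
  #    chain must be authentic. -verify_return_error makes the handshake fail
  #    unless OpenSSL can verify the chain against its own trust store; without
  #    it s_client prints whatever chain the peer sends, verified or not.
  #    Adding -verify_hostname smtp.gmail.com (OpenSSL 1.1.0 and later) also
  #    ties the chain to the expected host name.
  #  - NOTE(review): "TC,," is applied to every certificate in the chain,
  #    including the server's own leaf certificate, and each certificate is
  #    stored under its issuer's name. Confirm both are intended.

  # Create the certs directory if it does not exist, then resolve it to an
  # absolute path because the script changes directory below.
  mkdir -p -- "$certdirectory" || fail "Unable to create certificates directory"
  certdb=$(cd -- "$certdirectory" && pwd) || fail "Unable to create certificates directory"

  # Work in a private scratch directory: the intermediate files have fixed
  # names, and cleanup removes allgcert*/gcert* from the current directory,
  # which must not be a directory holding unrelated files.
  workdir=$(mktemp -d) || fail "Unable to create temporary working directory"
  trap 'rm -rf -- "${workdir:?}"' EXIT
  cd -- "$workdir" || fail "Unable to enter temporary working directory"

  # Connect once and keep the whole transcript, so the certificate count, the
  # PEM blocks and the issuer names all come from the same handshake. Running
  # openssl on its own (not in a pipeline) lets its exit status be checked.
  openssl s_client -showcerts -verify_return_error \
    -connect smtp.gmail.com:465 </dev/null >allgcert \
    || failclean "Unable to pull certs from smtp.gmail.com"

  # Count the certs actually received (can change from time to time).
  numcerts=$(grep -c -e '-BEGIN CERTIFICATE-' allgcert)
  if (( numcerts < 1 )); then
    failclean "Unable to pull certs from smtp.gmail.com"
  fi

  # Split the transcript into gcert1..gcertN on the PEM markers. Certificates
  # differ in length, so slicing by a fixed number of lines is not reliable.
  awk '
    /-BEGIN CERTIFICATE-/ { idx++; target = "gcert" idx }
    target != ""          { print > target }
    /-END CERTIFICATE-/   { if (target != "") close(target); target = "" }
  ' allgcert || failclean "Unable to split certificates into individual files"

  # Parse out certificate issuer names for installation: the text after the
  # last "=" on each "i:" line of the chain listing.
  sed -n '/^ *i:/s/.*=//p' allgcert >allgcertnames \
    || failclean "Unable to output parsed names for certificates"
  if (( $(wc -l <allgcertnames) != numcerts )); then
    failclean "Unable to output parsed names for certificates"
  fi

  for ((i = 1; i <= numcerts; i++)); do
    nickname=$(sed -n "${i}p" allgcertnames)
    # Refuse to import anything that does not parse as an X.509 certificate.
    openssl x509 -in "gcert${i}" -noout \
      || failclean "Unable to import certificates to database"
    certutil -A -n "$nickname" -t "TC,," -d "$certdb" -i "gcert${i}" \
      || failclean "Unable to import certificates to database"
  done

  cleanup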