#!/bin/sh
###
### Fetch and output SSL/TLS certificate from given
### server and service by using OpenSSL
### by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
###
PRG_NAME="$(basename "$0")"
if test $# -ne 2; then
  echo "Usage: $PRG_NAME <example.com> <smtp|imap|imaps|www|<port_number>>"
  echo "Check and print out SSL/TLS certificate from given host / service / port."
  exit 0
fi

SERVER="$1"
TYPE="$2"
OPTS=""
DATA="\r\n"

case "$TYPE" in
  smtp)
	PORT="587"
	OPTS="-starttls smtp"
  	;;
  imaps)
	PORT="993"
  	;;
  imap)
	PORT="143"
	OPTS="-starttls imap"
  	;;
  www|http*)
	PORT="443"
	OPTS="-servername \"$SERVER\""
  	;;
  [0-9]*)
  	PORT="$TYPE"
  	TYPE="raw"
  	;;
  *)
  	echo "ERROR: Invalid type '$TYPE'."
  	exit 1
esac

CMD="openssl s_client $OPTS -connect \"${SERVER}:${PORT}\""

echo "INFO: Connecting $TYPE to $SERVER port $PORT .." > /dev/stderr
echo "INFO: $CMD | openssl x509 -text" > /dev/stderr

printf "$DATA" | eval "$CMD" -showcerts | openssl x509 -text