From f65c459b51bd1a1e4453a89512508de74f52e5b1 Mon Sep 17 00:00:00 2001 From: Aaron LI Date: Wed, 3 Feb 2016 14:24:07 +0800 Subject: Add _bin/get_cert.sh; Update README.md --- README.md | 16 +++++++++++++++- _bin/get_cert.sh | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100755 _bin/get_cert.sh diff --git a/README.md b/README.md index 5f4f6f9..eec35f7 100644 --- a/README.md +++ b/README.md @@ -7,15 +7,29 @@ Personal & collected dotfiles ~~~ * `freebsd`: FreeBSD-specific configurations +# Configuration Notes + +## Gmail IMAP +* 'Auto-Expunge' => off: for better performance + +## msmtp: TLS +* ``tls_fingerprint``: + ``$ msmtp --serverinfo --tls --tls-certcheck=off --host=`` + +## offlineimap: fingerprint +Use the little script ``_bin/get_cert.sh`` + # Explicit home or other path Following files contains (at least currently) the *explicit* home or other paths: +* ``_notmuch-config``: database.path * ``_config/alot/config``: maildir + Distributed under MIT License. Aaron LI -GnuPG key: Aaron LI +GnuPG key: Aaron LI Fingerprint: AC34 64FA DAAE 6321 8609 9CA6 240E 2A63 5D72 729A diff --git a/_bin/get_cert.sh b/_bin/get_cert.sh new file mode 100755 index 0000000..3cf44d1 --- /dev/null +++ b/_bin/get_cert.sh @@ -0,0 +1,39 @@ +#!/bin/sh +# +# Get the certificate of a server +# +# Reference: +# [1] ArchWiki - Isync +# https://wiki.archlinux.org/index.php/Isync +# +# Aaron LI +# Created: 2016-01-30 +# + +if [ $# -ne 1 ] && [ $# -ne 2 ]; then + echo "Usage:" + echo " `basename $0` : [ output.pem ]" + exit 1 +fi + +SERVER="$1" +HOST=`echo "${SERVER}" | cut -d':' -f1` +PORT=`echo "${SERVER}" | cut -d':' -f2` +PEM="$2" +[ -z "${PEM}" ] && PEM="${HOST}.pem" + +openssl s_client -connect ${HOST}:${PORT} -showcerts 2>&1 < /dev/null | \ + sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \ + sed -ne '1,/-END CERTIFICATE-/p' > ${PEM} + +FINGERPRINT=`openssl x509 -noout -in ${PEM} -fingerprint -sha1 | cut -d'=' -f2` +FINGERPRINT2=`echo "${FINGERPRINT}" | tr -d ':' | tr '[[:upper:]]' '[[:lower:]]'` + +NOT_BEFORE=`openssl x509 -noout -in ${PEM} -dates | grep 'notBefore' | cut -d'=' -f2` +NOT_AFTER=`openssl x509 -noout -in ${PEM} -dates | grep 'notAfter' | cut -d'=' -f2` + +echo "Fingerprint_SHA1: ${FINGERPRINT} / ${FINGERPRINT2}" +echo "Validity: ${NOT_BEFORE} - ${NOT_AFTER}" +echo "Certificate save to file: ${PEM}" +echo "Place the certificate to a cert directory, and rehash with 'c_rehash'" + -- cgit v1.2.2