Re: [exim] verifying certificate information

Author: Phil Pennock
Date:  
To: Martin A. Brooks
CC: Exim Users
Subject: Re: [exim] verifying certificate information
On 2008-06-14 at 16:31 +0100, Martin A. Brooks wrote:
> Call me paranoid, but I want to verify that the certificate is actually
> being used and I've drawn a blank as to how to do that. My usual tool
> for SMTP kung-fu, swaks, doesn't have a "show me the cert" option nor
> can I switch enough debugging on for it to show me sufficient details.


If stuck with an older openssl which doesn't wait for the SMTP
connection banner when using -starttls, and if you have Perl with
Net::SSLeay available, then:

http://people.spodhuis.org/phil.pennock/software/smtp_tls_cert.pl

I wrote it to have a tool to let me connect to an SMTP service, use
STARTTLS and get the PEM form of the certificate, so that I can then use
the normal "openssl x509" manipulation commands and do things like
verify fields, etc. With synchronisation and a proper QUIT.

Has proven useful for me.

-Phil
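
The sequence described in the message above (wait for the banner, EHLO, STARTTLS, read the certificate as PEM, then a proper QUIT), as an added Python example. It is not the smtp_tls_cert.pl script, whose source is not shown on this page; the function names and the `client.example` HELO name are assumptions.

```python
import socket
import ssl
import sys

def read_reply(fp):
    """Read one full SMTP reply; "250-..." lines continue, "250 ..." ends it."""
    lines = []
    while True:
        raw = fp.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), lines

def starttls_handshake(sock, helo):
    """Plaintext phase: wait for the banner, send EHLO, then STARTTLS."""
    fp = sock.makefile("rb")
    def expect(code, what):
        got, lines = read_reply(fp)
        if got != code:
            raise RuntimeError(f"{what}: expected {code}, got {got} {lines}")
        return lines
    expect(220, "banner")                  # synchronise before sending anything
    sock.sendall(f"EHLO {helo}\r\n".encode("ascii"))
    features = [l.split()[0].upper() for l in expect(250, "EHLO") if l.strip()]
    if "STARTTLS" not in features:
        raise RuntimeError("server does not advertise STARTTLS")
    sock.sendall(b"STARTTLS\r\n")
    expect(220, "STARTTLS")

def fetch_smtp_cert_pem(host, port=25, helo="client.example", timeout=15):
    """Return the leaf certificate the server presents after STARTTLS, as PEM."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False             # inspection only: accept any cert so
    ctx.verify_mode = ssl.CERT_NONE        # it can be examined, not trusted
    with socket.create_connection((host, port), timeout=timeout) as sock:
        starttls_handshake(sock, helo)
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            pem = ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
            tls.sendall(b"QUIT\r\n")       # proper QUIT inside the TLS session
            try:
                read_reply(tls.makefile("rb"))
            except OSError:
                pass                       # some servers drop the link without a 221
    return pem

if __name__ == "__main__":
    sys.stdout.write(fetch_smtp_cert_pem(sys.argv[1]))
```

The PEM written to stdout can be piped into `openssl x509 -noout -text` to check the subject, issuer and validity dates.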