On 2008-06-14 at 16:31 +0100, Martin A. Brooks wrote:
> Call me paranoid, but I want to verify that the certificate is actually
> being used and I've drawn a blank as to how to do that. My usual tools
> for SMTP kung-fu, swaks, doesn't have a "show me the cert" option nor
> can I switch enough debugging on for it to show me sufficient details.
If stuck with an older openssl which doesn't wait for the SMTP
connection banner when using -starttls, and if you have Perl with
Net::SSLeay available, then:
http://people.spodhuis.org/phil.pennock/software/smtp_tls_cert.pl
I wrote it to have a tool to let me connect to an SMTP service, use
STARTTLS and get the PEM form of the certificate, so that I can then use
the normal "openssl x509" manipulation commands and do things like
verify fields, etc. With synchronisation and a proper QUIT.
Has proven useful for me.
-Phil
