On 2008-06-14 at 16:31 +0100, Martin A. Brooks wrote:
> Call me paranoid, but I want to verify that the certificate is actually
> being used and I've drawn a blank as to how to do that. My usual tool
> for SMTP kung-fu, swaks, doesn't have a "show me the cert" option nor
> can I switch enough debugging on for it to show me sufficient details.

If stuck with an older openssl which doesn't wait for the SMTP connection banner when using -starttls, and if you have Perl with Net::SSLeay available, then:

  http://people.spodhuis.org/phil.pennock/software/smtp_tls_cert.pl

I wrote it to have a tool to let me connect to an SMTP service, use STARTTLS and get the PEM form of the certificate, so that I can then use the normal "openssl x509" manipulation commands and do things like verify fields, etc. With synchronisation and a proper QUIT. Has proven useful for me.

-Phil
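
The exchange described above (wait for the banner, EHLO, STARTTLS, read the certificate as PEM, then a proper QUIT), sketched in Python as an added example; it is not the linked Perl script and not part of the original post. The function names are this example's own, and it assumes the server answers QUIT with 221 once TLS is up.

```python
import socket
import ssl

def read_reply(fh):
    """Read one whole SMTP reply ("250-..." continues, "250 ..." ends it)."""
    lines = []
    while True:
        raw = fh.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), lines

def command(sock, fh, verb, expect):
    """Send one command, wait for its full reply, insist on the expected code."""
    sock.sendall(verb.encode("ascii") + b"\r\n")
    code, lines = read_reply(fh)
    if code != expect:
        raise RuntimeError(f"{verb!r} answered {code} {' / '.join(lines)}")
    return lines

def fetch_smtp_cert_pem(host, port=25, helo="localhost", timeout=15):
    """Return the server's leaf certificate as PEM text."""
    # Inspection only: nothing is validated, so self-signed or expired
    # certificates are still returned for examination.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        fh = sock.makefile("rb")
        code, banner = read_reply(fh)  # synchronise: banner first, then speak
        if code != 220:
            raise RuntimeError(f"unexpected banner: {code} {banner}")
        ext = command(sock, fh, f"EHLO {helo}", 250)
        if not any(e.upper().split()[:1] == ["STARTTLS"] for e in ext[1:]):
            raise RuntimeError("server does not advertise STARTTLS")
        command(sock, fh, "STARTTLS", 220)
        fh.close()  # drop the plaintext reader before the handshake
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            pem = ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
            command(tls, tls.makefile("rb"), "QUIT", 221)
    return pem

if __name__ == "__main__":
    import sys
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(fetch_smtp_cert_pem(sys.argv[1], port), end="")
```

The PEM it prints can be piped into `openssl x509 -noout -text` to check the subject, issuer and validity dates.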
