#! /bin/sh
# s_dump_smtp (Bourne shell script) -- Connects to an SMTP server, invokes STARTTLS and shows info about the X.509 certificate
#
# Version: 1.2
# Copyright: (c) 2019 Alastair Irvine <alastair@plug.org.au>
# Keywords: openssl, SSL, TLS, secure certificate
# Licence: This file is released under the GNU General Public License v2
#
# Uses "Server Name Indication" (SNI) with TLS and EHLO
# Similar to "-nameopt RFC2253" but with semicolons and without dn_rev
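# OPTS holds an option plus its value in one string; it is deliberately
# expanded unquoted further down so that it splits into two arguments.
OPTS="-nameopt esc_2253,esc_ctrl,esc_msb,utf8,dump_nostr,dump_unknown,dump_der,sep_semi_plus_space,sname"
SELF=$(basename "$0")

# Print the synopsis on stderr and stop with a failure status.
usage() {
  echo "Usage: $SELF [ -P <port> ] [ -E <ehlo-name> ] <servername> [ <sitename> ] [ <opts> ]" >&2
  exit 1
}

# Optional leading flags, accepted only in this order: -P <port>, -E <name>.
# PORT and EHLO are not reset first, so values inherited from the
# environment stay in effect when the corresponding flag is absent.
auto_ehlo=yes
if [ "$1" = -P ]; then
  # A flag without its value would otherwise make `shift` fail.
  [ $# -ge 2 ] || usage
  PORT=$2
  shift 2
fi
if [ "$1" = -E ]; then
  [ $# -ge 2 ] || usage
  EHLO=$2
  auto_ehlo=no
  shift 2
fi

# Check the argument count before any network lookup is made, so that a
# mistyped command line does not trigger DNS queries.
if [ $# -lt 1 ] || [ $# -gt 3 ]; then
  usage
fi

# Without -E, derive the EHLO name by reverse-resolving the external IPv4
# address, provided `dig` is installed.  This sends a query to
# resolver1.opendns.com; use -E to avoid that.
if [ "$auto_ehlo" = yes ] && command -v dig >/dev/null 2>&1; then
  ip=$(dig -4 +short myip.opendns.com a @resolver1.opendns.com)
  # The answer comes from the network: accept a single dotted-digit value
  # only (this also rejects multi-line output and dig error text).
  case $ip in
    '' | *[!0-9.]*) ip= ;;
  esac
  if [ -n "$ip" ] && reverse_record=$(dig +short -x "$ip"); then
    # Several PTR records may come back; use the first one.
    reverse_record=$(printf '%s\n' "$reverse_record" | head -n 1)
    # Remove the trailing "." from `dig` output
    reverse_record=${reverse_record%.}
    # The PTR value is chosen by whoever runs the reverse zone, so only a
    # plain hostname is allowed onto the openssl command line.
    case $reverse_record in
      *[!A-Za-z0-9._-]*) EHLO= ;;
      *) EHLO=$reverse_record ;;
    esac
  fi
fi

# Locate the system trust store unless the caller supplied SSL_PATH.
if [ -z "$SSL_PATH" ]; then
  if [ -d /etc/pki/tls ]; then
    SSL_PATH=/etc/pki/tls
  else
    SSL_PATH=/etc/ssl
  fi
fi

# $1 = server, $2 = SNI name (defaults to the server), $3 = extra s_client
# options (defaults to -no_ssl3).
# NOTE(review): s_client normally continues the handshake when chain
# verification fails, so the dump shows whatever certificate the peer
# presented and is not evidence that the chain validated.  Include
# -verify_return_error in <opts> to make s_client stop on a failure.
# shellcheck disable=SC2086  # $3, $OPTS and $PAGER are word-split on purpose
openssl s_client -connect "$1:${PORT:-587}" ${3:--no_ssl3} -CApath "$SSL_PATH/certs/" \
    -starttls smtp -servername "${2:-$1}" ${EHLO:+-name "$EHLO"} < /dev/null |
  openssl x509 -text $OPTS -noout |
  ${PAGER:-less}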