First test with ca-certs test

pyllyukko · Dec 4, 2024 · b4d7697 · b4d7697
1 parent 95552ab
commit b4d7697
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 0 deletions.
diff --git a/.github/workflows/ca-certs.yml b/.github/workflows/ca-certs.yml
@@ -0,0 +1,11 @@
+name: ca-certs
+on: [push, pull_request]
+
+jobs:
+  ca-certs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Run test_ca-certs.sh
+        run: bash tests/test_ca-certs.sh
diff --git a/tests/test_ca-certs.sh b/tests/test_ca-certs.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+ca_file=./ca-certificates.crt
+
+while read
+do
+  if [ ! -f "/usr/share/ca-certificates/${REPLY}" ]
+  then
+    echo "[-] CA \`${REPLY}' does not exist" 1>&2
+    exit 1
+  fi
+  cat "/usr/share/ca-certificates/${REPLY}"
+done 0<newconfs/ca-certificates.conf.new 1>"${ca_file}"
+
+for host in \
+  media.defcon.org		\
+  download.docker.com		\
+  download.qt.io		\
+  www.offsec.com		\
+  www.unicorn-engine.org	\
+  www.eff.org			\
+  dl.discordapp.net		\
+  www.mirrorservice.org		\
+  www.fireeye.com		\
+  storage.googleapis.com	\
+  www.dwheeler.com		\
+  cdn.kernel.org		\
+  cisofy.com			\
+  letsencrypt.org
+do
+  openssl s_client -connect "${host}":443 -verify_return_error -CAfile "${ca_file}" -showcerts 0</dev/null || exit 1
+done
+
+for host in \
+  mx01.mail.icloud.com
+do
+  openssl s_client -connect "${host}":25 -starttls smtp -verify_return_error -CAfile "${ca_file}" -showcerts 0</dev/null || exit 1
+done
+
+rm -v "${ca_file}"