From b4d76970611ffb8284275794bf7deb7ad5ab976e Mon Sep 17 00:00:00 2001
From: pyllyukko
Date: Wed, 4 Dec 2024 21:56:56 +0200
Subject: [PATCH] First test with ca-certs test
---
.github/workflows/ca-certs.yml | 11 ++++++++++
tests/test_ca-certs.sh | 40 ++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 .github/workflows/ca-certs.yml
create mode 100644 tests/test_ca-certs.sh
diff --git a/.github/workflows/ca-certs.yml b/.github/workflows/ca-certs.yml
new file mode 100644
index 00000000..2bcbde07
--- /dev/null
+++ b/.github/workflows/ca-certs.yml
@@ -0,0 +1,11 @@
+name: ca-certs
+on: [push, pull_request]
+
+jobs:
+ ca-certs:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Run test_ca-certs.sh
+ run: bash tests/test_ca-certs.sh
diff --git a/tests/test_ca-certs.sh b/tests/test_ca-certs.sh
new file mode 100644
index 00000000..5429b808
--- /dev/null
+++ b/tests/test_ca-certs.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+ca_file=./ca-certificates.crt
+
+while read
+do
+ if [ ! -f "/usr/share/ca-certificates/${REPLY}" ]
+ then
+ echo "[-] CA \`${REPLY}' does not exist" 1>&2
+ exit 1
+ fi
+ cat "/usr/share/ca-certificates/${REPLY}"
+done 0"${ca_file}"
+
+for host in \
+ media.defcon.org \
+ download.docker.com \
+ download.qt.io \
+ www.offsec.com \
+ www.unicorn-engine.org \
+ www.eff.org \
+ dl.discordapp.net \
+ www.mirrorservice.org \
+ www.fireeye.com \
+ storage.googleapis.com \
+ www.dwheeler.com \
+ cdn.kernel.org \
+ cisofy.com \
+ letsencrypt.org
+do
+ openssl s_client -connect "${host}":443 -verify_return_error -CAfile "${ca_file}" -showcerts 0
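Review bot: The new workflow in `.github/workflows/ca-certs.yml` declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever default the repository or organisation has configured, although the job only needs to read the checkout and run a test script. Adding a top-level `permissions:` with `contents: read` keeps the token read-only regardless of that default. The `Checkout` step also references `actions/checkout@v3` by a movable tag; pinning it to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) means a retagged release cannot change what runs in this job. Nothing after checkout appears to need git credentials, so `persist-credentials: false` on that step would avoid leaving the token in the working tree's git config while `tests/test_ca-certs.sh` runs.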