Re: [rt-users] RT 4.0.2 SSL Email Verification Failed
On 10/17/2011 11:51 AM, Luciano Ernesto da Silva wrote:
> I was testing RT with a self-signed certificate (SSL). I sent an email to
> the queue, but in /var/log/mail I got this:
>
> (temporary failure. Command output: An Error Occurred = 500 Can't connect to rt4.dev.ufrgs.br:443 (certificate verify failed) )
>
> [snip]
>
> As described here
> http://blogs.perl.org/users/brian_d_foy/2011/07/now-you-need-lwpprotocolhttps.html
> I made and applied a patch against file Rt-mailgate, around line 151:
>
> - my $ua = LWP::UserAgent->new();
> + my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
>
> Patch link here: http://pastebin.com/DQCH3R8L
>
> Now Perl doesn't check the certificate, and the queues receive all messages.
>
> *My question: Is this the correct approach for that*?

No, this is wrong from a security standpoint, although it works since you're ignoring the cert data. You'll be vulnerable to a MITM attack.

You should instead take the advice of the second half of brian's blog post and tell LWP::UserAgent about your root CA or install the root CA into your operating system's list of trusted CAs (which means you don't have to patch rt-mailgate).

Thomas

RT Training Sessions (http://bestpractical.com/services/training.html)
* San Francisco, CA, USA October 18 & 19, 2011
* Washington DC, USA October 31 & November 1, 2011
* Barcelona, Spain November 28 & 29, 2011
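The fix recommended in the reply above, as an added example that is not part of the thread or of rt-mailgate: a standalone Perl check that leaves verification on and trusts a CA file instead. The helper name `build_verifying_ua`, the timeout and the command-line arguments are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not rt-mailgate's code): keep TLS verification on and
# trust the private CA that signed the RT server's certificate.
use strict;
use warnings;
use LWP::UserAgent;   # HTTPS also needs LWP::Protocol::https installed

# Hypothetical helper: build a verifying user agent for one CA bundle.
sub build_verifying_ua {
    my ($ca_file) = @_;
    die "CA file is missing or unreadable\n"
        unless defined $ca_file && -r $ca_file;

    return LWP::UserAgent->new(
        timeout  => 15,
        ssl_opts => {
            verify_hostname => 1,         # the weak variant sets this to 0
            SSL_ca_file     => $ca_file,  # PEM file holding the CA certificate
        },
    );
}

# Usage: perl check_rt_tls.pl <https-url> <ca.pem>
# Both values are supplied by the operator; nothing is hard-coded.
my ($url, $ca_file) = @ARGV;
die "usage: $0 <https-url> <ca.pem>\n"
    unless defined $url && defined $ca_file;

my $ua  = build_verifying_ua($ca_file);
my $res = $ua->get($url);

# LWP marks responses it generated itself (connect or TLS failure)
# with the Client-Warning header, which separates them from a real
# HTTP 500 sent by the server.
if (($res->header('Client-Warning') // '') eq 'Internal response') {
    print "connection failed before HTTP: ", $res->status_line, "\n";
    exit 2;
}
print "TLS verified, server answered: ", $res->status_line, "\n";
```

For a self-signed server certificate, the certificate file itself can serve as the CA file, and the host name in the URL still has to match the name in the certificate.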
[rt-users] RT 4.0.2 SSL Email Verification Failed
Hello,

I was testing RT with a self-signed certificate (SSL). I sent an email to the queue, but in /var/log/mail I got this:

(temporary failure. Command output: An Error Occurred = 500 Can't connect to rt4.dev.ufrgs.br:443 (certificate verify failed) )

No errors in other log files, like syslog or rt.log. The queues were not receiving mails.

I installed all Perl dependencies for SSL, as described here http://www.gossamer-threads.com/lists/rt/users/71129 :

Pod::Usage, HTML::TreeBuilder, Getopt::Long, HTML::FormatText, LWP::UserAgent

And Crypt::SSLeay, LWP::Protocol::https

As described here http://blogs.perl.org/users/brian_d_foy/2011/07/now-you-need-lwpprotocolhttps.html I made and applied a patch against file Rt-mailgate, around line 151:

-my $ua = LWP::UserAgent->new();
+my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });

Patch link here: http://pastebin.com/DQCH3R8L

Now Perl doesn't check the certificate, and the queues receive all messages.

My question: Is this the correct approach for that?

Luciano Silva
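Review bot: the `+` line passes `verify_hostname => 0` unconditionally in the `LWP::UserAgent->new()` call, so every connection rt-mailgate makes skips the check that produced "certificate verify failed", and nothing in the change records that this is a test-only workaround. Keep verification enabled and give LWP the CA that signed the server certificate instead, for example through an `SSL_ca_file` entry in `ssl_opts` or the `PERL_LWP_SSL_CA_FILE` environment variable. If a bypass is still wanted on a test host, make it an explicit opt-in setting rather than the default behaviour.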