[Rt-commit] rt branch, 4.2/validate-ssl-mailgate, created. rt-4.0.4-379-g977a3bc

Alex Vandiver alexmv at bestpractical.com
Wed Jan 25 13:21:08 EST 2012


The branch, 4.2/validate-ssl-mailgate has been created
        at  977a3bcd04710a5193125ca034e239a324e1c693 (commit)

- Log -----------------------------------------------------------------
commit 977a3bcd04710a5193125ca034e239a324e1c693
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed Jan 25 13:13:42 2012 -0500

    Default to verifying SSL certificate in the mail gateway
    
    By bumping the LWP dependency to 6.0, we rely on a user agent which
    verifies SSL certificates.  With this, SSL verification defaults to on;
    sites using a local CA can use --ca-file, and sites using a self-signed
    certificate can use --ca-file or --no-verify-ssl.
    
    Verifying SSL certificates still requires that additional modules be
    installed at configure-time, however.

diff --git a/bin/rt-mailgate.in b/bin/rt-mailgate.in
index b86b562..8085560 100755
--- a/bin/rt-mailgate.in
+++ b/bin/rt-mailgate.in
@@ -144,12 +144,6 @@ sub validate_cli_flags {
         return $self->permfail();
     }
 
-    if (($opts->{'ca-file'} or $opts->{"verify-ssl"})
-            and not LWP::UserAgent->can("ssl_opts")) {
-        print STDERR "Verifying SSL certificates requires LWP::UserAgent 6.0 or higher.\n";
-        return $self->tempfail();
-    }
-
     $opts->{"verify-ssl"} = 1 unless defined $opts->{"verify-ssl"};
 }
 
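Review bot: removing the `LWP::UserAgent->can("ssl_opts")` guard in validate_cli_flags leaves rt-mailgate with no runtime check of the LWP version. The 6.0 requirement is now enforced only through sbin/rt-test-dependencies.in, so if the script is ever run against an older LWP, the unconditional `$ua->ssl_opts(...)` call in get_useragent will die on a missing method instead of printing the old diagnostic and returning tempfail. Suggest declaring the requirement in the script itself, for example `use LWP::UserAgent 6.0;`, so that the failure is immediate and names the version needed.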
@@ -159,11 +153,9 @@ sub get_useragent {
     my $ua   = LWP::UserAgent->new();
     $ua->cookie_jar( { file => $opts->{'jar'} } ) if $opts->{'jar'};
 
-    if ( $ua->can("ssl_opts") ) {
-        $ua->ssl_opts( verify_hostname => $opts->{'verify-ssl'} );
-        $ua->ssl_opts( SSL_ca_file => $opts->{'ca-file'} )
-            if $opts->{'ca-file'};
-    }
+    $ua->ssl_opts( verify_hostname => $opts->{'verify-ssl'} );
+    $ua->ssl_opts( SSL_ca_file => $opts->{'ca-file'} )
+        if $opts->{'ca-file'};
 
     return $ua;
 }
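Review bot: at the added `SSL_ca_file` lines, the `--ca-file` value is passed straight to the user agent with no check that the path exists or is readable, and it is passed even when `verify-ssl` is 0. With verification now on by default, a mistyped or unreadable CA path will only show up as a failed HTTPS request at delivery time. Suggest testing `-r $opts->{'ca-file'}` in validate_cli_flags and returning permfail with a message that names the file, and printing a warning when `--ca-file` is combined with `--no-verify-ssl` so the operator knows which setting is in effect.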
@@ -390,9 +382,6 @@ of CA.  This is required if you have a self-signed certificate, or some
 other certificate which is not traceable back to an certificate your
 system ultimitely trusts.
 
-Verifying SSL certificates requires L<LWP::UserAgent> version 6.0 or
-higher; explicitly passing C<--verify-ssl> on prior versions will error.
-
 =item C<--extension> OPTIONAL
 
 Some MTAs will route mail sent to user-foo at host or user+foo at host to user at host
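Review bot: this hunk drops the version caveat from the `--ca-file` documentation but adds nothing in its place about the behaviour change the commit message describes, namely that verification now defaults to on and that `--no-verify-ssl` is the opt-out for self-signed certificates. If that is not already stated elsewhere in the POD, a sentence here would save an operator from an unexplained delivery failure after upgrading. While the paragraph is being touched, the context lines just above still read "an certificate" and "ultimitely"; both could be corrected in the same change.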
diff --git a/sbin/rt-test-dependencies.in b/sbin/rt-test-dependencies.in
index 97a0a8e..5508f87 100755
--- a/sbin/rt-test-dependencies.in
+++ b/sbin/rt-test-dependencies.in
@@ -253,7 +253,7 @@ $deps{'MAILGATE'} = [ text_to_hash( << '.') ];
 HTML::TreeBuilder
 HTML::FormatText
 Getopt::Long
-LWP::UserAgent
+LWP::UserAgent 6.0
 Pod::Usage
 .
 
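Review bot: the `LWP::UserAgent 6.0` bump in the MAILGATE list is the only dependency change, yet the commit message says verifying SSL certificates still requires additional modules at configure time, and none of the visible entries covers them. Since verification is now the default, a site posting to an https URL without those modules will fail at runtime even though the dependency check passes. Suggest listing the HTTPS support module (LWP::Protocol::https, which LWP 6 ships separately) under MAILGATE or an SSL-specific group, or at least having rt-test-dependencies report it as recommended for the mail gateway.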

-----------------------------------------------------------------------

