[rt-users] rt-mailgate ignoring --no-verify-ssl?

Aaron C. de Bruyn aaron at heyaaron.com
Fri May 1 13:06:02 EDT 2015


Fixed it.  Apparently --no-verify-ssl only deals with the hostname on
the certificate.

I added the following to the 'use' section at the top of rt-mailgate:

use IO::Socket::SSL;

and then in the get_useragent function, I added the following ssl_opts line:

    $ua->ssl_opts( SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE );

Now my legitimately signed wildcard cert (*.mydomain.tld) doesn't
error out because of a bad hostname, or an untrusted cert in the
middle of the chain.

-A



On Wed, Apr 29, 2015 at 9:01 PM, Aaron C. de Bruyn <aaron at heyaaron.com> wrote:
> Mailgate has been driving me nuts.  I downloaded 4.2.10 and set it up
> on a bright, shiny new server.
>
> I'm running fetchmail on my RT box using the following to send tickets to RT:
>
> poll mail.mydomain.tld with protocol pop3
>    username engineering password -redacted- mda
> "/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue engineering --action
> correspond --url https://tickets.mydomain.tld --debug"
>
> Fetchmail complains about the MDA erroring out.  Increasing fetchmail
> debugging shows:
>
> fetchmail: about to deliver with: /opt/rt4/bin/rt-mailgate
> --no-verify-ssl --queue engineering --action correspond --url
> https://tickets.mydomain.tld/ --debug
> #***/opt/rt4/bin/rt-mailgate: temp file is '/tmp/Ax6Or2dgc1/23FBulXCfc'
> /opt/rt4/bin/rt-mailgate: connecting to
> https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
> HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443
> (certificate verify failed). Your webserver logs may have more
> information or there may be a network problem.
>
> /opt/rt4/bin/rt-mailgate: undefined server error
> fetchmail: MDA returned nonzero status 75
>  not flushed
> fetchmail: POP3> QUIT
>
>
> I even get an SSL error when running from the command line:
>
> root at tickets:/opt# /opt/rt4/bin/rt-mailgate --no-verify-ssl --queue
> engineering --action correspond --url https://tickets.mydomain.tld/
> --debug
> test <ctrl+d>
> /opt/rt4/bin/rt-mailgate: temp file is '/tmp/9vlYhx9C9X/kI4IQo0RRw'
> /opt/rt4/bin/rt-mailgate: connecting to
> https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
> HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443
> (certificate verify failed). Your webserver logs may have more
> information or there may be a network problem.
>
> /opt/rt4/bin/rt-mailgate: undefined server error
> root at tickets:/opt#
>
> It's acting like it's ignoring --no-verify-ssl.
>
> Am I missing something?
>
> Thanks,
>
> -A


More information about the rt-users mailing list