I tried several things to get the cert path into the environment for LWP; none worked:<br><br>1. Adding this to /etc/fetchmailrc<br><br> <span style="font-family:courier new,monospace"> mda "env PERL_LWP_SSL_CA_PATH=/etc/ssl/certs /usr/bin/rt-mailgate-4 ...</span><br>
<br>does NOT work to get the right cert to LWP through the environment:<br><br><span style="font-family:courier new,monospace">root@web0:/etc# service fetchmail start</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace"> * Starting mail retriever agent: fetchmail: starting fetchmail 6.3.19 daemon</span><span style="font-family:courier new,monospace"> [ OK ]</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">root@web0:/etc# fetchmail: 1 message for [email address] at [imapmailserver] (folder Support).</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">An Error Occurred</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">=================</span><br style="font-family:courier new,monospace"><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">500 Can't connect to [RT webserver]:443</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">(certificate verify failed)</span><br><br><br>2. Adding this to fetchmailrc does not work either:<br><br> <span style="font-family:courier new,monospace">mda "export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs; /usr/bin/rt-mailgate-4 ...</span><br>
<br><br>3. Adding this to /etc/default/fetchmail on Ubuntu, where fetchmail runs from an init script as a daemon, does not work either:<br><br> <span style="font-family:courier new,monospace">export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs</span><br>
<br><br>I am stuck with having to edit the rt-mailgate-4 file on line 151 like this:<br><br><span style="font-family:courier new,monospace"># my $ua = LWP::UserAgent->new();</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace"> my $ua = LWP::UserAgent->new(ssl_opts => {SSL_ca_file => '/etc/ssl/certs/7d3cd826.0'});</span><br><br>which I don't like because I will forget about it during upgrade.<br>
<br>A<br><br><br><br>On Mon, Jan 23, 2012 at 11:06 AM, Thomas Sibley <<a href="mailto:trs@bestpractical.com" target="_blank">trs@bestpractical.com</a>> wrote:<br>
> On 01/20/2012 02:38 PM, Robert Nesius wrote:<br>>> I figured out a workaround for this issue. I was suspicious that<br>>> LWP::UserAgent could not reach the cert for the CA that signed the cert<br>>> being presented by the web server. I learned there are some environment<br>
>> variables that I can leverage to influence where LWP::UserAgent looks<br>>> even though it's being invoked down inside a program I don't want to<br>>> touch. Adding my /etc/ssl/certs directory to the list of directories<br>
>> examined for certs solved the problem.<br>><br>> For what it's worth, the next release of RT will include a --ca-file<br>> option you can use to specify the specific cert. It's equivalent to<br>
> setting PERL_LWP_SSL_CA_FILE.<br>><br>>> *root@linux:/opt/rt4/bin# *export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs<br>><br>> If you'd like to submit a simple patch to rt-mailgate that also adds<br>> support for --ca-path, I'm sure we'd apply it.<br>
><br>> I do wonder why the OpenSSL library underlying the Perl library isn't<br>> finding your cert in /etc/ssl/certs like I'd expect it to.<br>><br>> Thomas<br>> --------<br>> RT Training Sessions (<a href="http://bestpractical.com/services/training.html" target="_blank">http://bestpractical.com/services/training.html</a>)<br>
> * Boston March 5 & 6, 2012<br><br>
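Added example, not part of the original messages and not RT code: a small Perl diagnostic that shows which CA-related environment variables a process actually inherits and what LWP::UserAgent stores in ssl_opts as a result. Run it as the same user and with the same environment prefix as the mail gateway command; it makes no network connection, and the helper name describe_ca is made up for this example.

```perl
#!/usr/bin/perl
# Added diagnostic example (not part of RT or rt-mailgate).
# Reports the CA settings a Perl process inherits from its environment and
# what LWP::UserAgent actually stores in ssl_opts after construction.
use strict;
use warnings;
use LWP::UserAgent;

# Describe a CA file or directory: presence, readability by the current user,
# and for a directory the number of OpenSSL hash-named entries (e.g. 7d3cd826.0).
sub describe_ca {
    my ($path) = @_;
    return 'not set' unless defined $path && length $path;
    return "$path (missing)" unless -e $path;
    return "$path (not readable by uid $>)" unless -r $path;
    return "$path (readable file)" unless -d $path;
    opendir(my $dh, $path) or return "$path (cannot list: $!)";
    my $hashed = grep { /^[0-9a-f]{8}\.\d+$/ } readdir $dh;
    closedir $dh;
    return "$path (directory, $hashed hash-named entries)";
}

# Environment variables LWP::UserAgent 6 consults when it is constructed.
for my $var (qw(PERL_LWP_SSL_CA_FILE PERL_LWP_SSL_CA_PATH HTTPS_CA_FILE HTTPS_CA_DIR)) {
    printf "%-26s %s\n", "env $var:", describe_ca($ENV{$var});
}

# Build the agent with no explicit ssl_opts, as the unmodified line does.
my $ua = LWP::UserAgent->new();
for my $opt (qw(SSL_ca_file SSL_ca_path verify_hostname)) {
    my $val = $ua->ssl_opts($opt);
    printf "%-26s %s\n", "ssl_opts $opt:",
        $opt eq 'verify_hostname' ? ($val // 'undef') : describe_ca($val);
}
printf "%-26s %s\n", 'LWP::UserAgent version:', LWP::UserAgent->VERSION;
printf "%-26s %s\n", 'effective uid:', $>;
```

If the env lines read "not set" while the shell that launched the daemon has the variable exported, the value is being lost before Perl starts; if they are set but the directory shows 0 hash-named entries or is unreadable, the trust directory itself is the place to look.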