[Rt-commit] rt branch 4.4/mailgate-set-ssl-verify-mode created. rt-4.4.5-24-ga1e0dcd2bf
BPS Git Server
git at git.bestpractical.com
Mon Feb 14 22:05:38 UTC 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 4.4/mailgate-set-ssl-verify-mode has been created
at a1e0dcd2bf427c3bb739a5587df7bafeda988f95 (commit)
- Log -----------------------------------------------------------------
commit a1e0dcd2bf427c3bb739a5587df7bafeda988f95
Author: sunnavy <sunnavy at bestpractical.com>
Date: Tue Feb 15 05:47:58 2022 +0800
Explicitly set SSL_verify_mode in mailgate
This is mainly to disable certificate verification when --no-verify-ssl
is passed. LWP::Protocol::https automatically does this if you install
it from CPAN, but Linux vendors removed this automation to fix a
security issue, see also:
https://rt.cpan.org/Public/Bug/Display.html?id=81948
https://ubuntu.com/security/CVE-2014-3230
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579
Without this, you could get the following error when using system perl
even if --no-verify-ssl is passed:
Can't connect to ... (certificate verify failed)
diff --git a/bin/rt-mailgate.in b/bin/rt-mailgate.in
index cd2b2b9fb6..5e2928858e 100644
--- a/bin/rt-mailgate.in
+++ b/bin/rt-mailgate.in
@@ -154,7 +154,7 @@ sub get_useragent {
$ua->agent("rt-mailgate/@RT_VERSION_MAJOR at .@RT_VERSION_MINOR at .@RT_VERSION_PATCH@ ");
$ua->cookie_jar( { file => $opts->{'jar'} } ) if $opts->{'jar'};
- $ua->ssl_opts( verify_hostname => $opts->{'verify-ssl'} );
+ $ua->ssl_opts( verify_hostname => $opts->{'verify-ssl'}, SSL_verify_mode => $opts->{'verify-ssl'} );
$ua->ssl_opts( SSL_ca_file => $opts->{'ca-file'} )
if $opts->{'ca-file'};
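Review bot: On the changed $ua->ssl_opts(...) line, SSL_verify_mode is given the raw value of $opts->{'verify-ssl'}, which reads as a boolean flag but is interpreted as a verification mode, so the behaviour depends on that option being exactly 0 or 1. Consider mapping it explicitly, for example to IO::Socket::SSL's SSL_VERIFY_PEER and SSL_VERIFY_NONE constants, or setting SSL_verify_mode only in the --no-verify-ssl case so that the verifying path keeps the library default. With this change --no-verify-ssl turns off certificate verification as well as the hostname check on system perls, and the option's documentation should say so; no documentation update is visible in this hunk.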
-----------------------------------------------------------------------
hooks/post-receive
--
rt