[rt-users] rt-mailgate
Allen
allen+rtlist at crystalfontz.com
Mon Jan 23 15:06:37 EST 2012
I tried several things to get the cert path into the environment for LWP,
none worked:
1. Adding this to /etc/fetchmailrc
mda "env PERL_LWP_SSL_CA_PATH=/etc/ssl/certs /usr/bin/rt-mailgate-4 ...
does NOT work to get the right cert to LWP through the environment:
root at web0:/etc# service fetchmail start
* Starting mail retriever agent:
fetchmail:
starting fetchmail 6.3.19 daemon
[ OK ]
root at web0:/etc# fetchmail: 1 message for [email address] at
[imapmailserver] (folder Support).
An Error Occurred
=================
500 Can't connect to [RT webserver]:443
(certificate verify failed)
2. Adding this to fetchmailrc does not work either:
mda "export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs; /usr/bin/rt-mailgate-4
...
3. Adding this to /etc/default/fetchmail on Ubuntu where fetchmail runs
from an init script as a daemon does not work either:
export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs
I am stuck with having to edit the rt-mailgate-4 file on line 151 like this:
# my $ua = LWP::UserAgent->new();
my $ua = LWP::UserAgent->new(ssl_opts => {SSL_ca_file =>
'/etc/ssl/certs/7d3cd826.0'});
which I don't like because I will forget about it during an upgrade.
A
On Mon, Jan 23, 2012 at 11:06 AM, Thomas Sibley <trs at bestpractical.com>
wrote:
> On 01/20/2012 02:38 PM, Robert Nesius wrote:
>> I figured out a work around for this issue. I was suspicious that
>> LWP::UserAgent could not reach the cert for the CA that signed the cert
>> being presented by the web server. I learned there are some environment
>> variables that I can leverage to influence where LWP::UserAgent looks
>> even though it's being invoked down inside a program I don't want to
>> touch. Adding my /etc/ssl/certs directory to the list of directories
>> examined for certs solved the problem.
>
> For what it's worth, the next release of RT will include a --ca-file
> option you can use to specify the specific cert. It's equivalent to
> setting PERL_LWP_SSL_CA_FILE.
>
>> *root at linux:/opt/rt4/bin# *export PERL_LWP_SSL_CA_PATH=/etc/ssl/certs
>
> If you'd like to submit a simple patch to rt-mailgate that also adds
> support for --ca-path, I'm sure we'd apply it.
>
> I do wonder why the OpenSSL library underlying the Perl library isn't
> finding your cert in /etc/ssl/certs like I'd expect it to.
>
> Thomas
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> * Boston March 5 & 6, 2012
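
The concern in this thread is keeping the CA setting out of rt-mailgate itself so an upgrade cannot drop it. As an added example (not from the original post or from RT), here is a wrapper that fetchmail's mda line could call instead: it exports PERL_LWP_SSL_CA_FILE or PERL_LWP_SSL_CA_PATH, refuses to run when the CA directory holds no hash-named entries, and then executes the command it was given. RT_CA_FILE, RT_CA_PATH, the function names and the wrapper's install path are assumptions.

```shell
#!/bin/sh
# Added example: wrapper to name on fetchmail's "mda" line in place of rt-mailgate.
# Hypothetical names: RT_CA_FILE, RT_CA_PATH, both functions, this script's path.
#   mda "/usr/local/sbin/rt-mailgate-ca /usr/bin/rt-mailgate-4 ..."

# OpenSSL searches a CA directory by subject hash only, so the directory must
# hold entries named like 7d3cd826.0 (8 hex digits, a dot, a sequence digit).
ca_path_usable() {
    [ -d "$1" ] || return 1
    for f in "$1"/*; do
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9])
                [ -r "$f" ] && return 0 ;;
        esac
    done
    return 1
}

# Export one LWP trust variable, then replace this subshell with the command.
# Exits 75 (EX_TEMPFAIL) instead of running the command with no trust anchor.
run_with_ca() (
    if [ -n "${RT_CA_FILE:-}" ]; then
        [ -r "$RT_CA_FILE" ] || { echo "CA file unreadable: $RT_CA_FILE" >&2; exit 75; }
        PERL_LWP_SSL_CA_FILE=$RT_CA_FILE
        export PERL_LWP_SSL_CA_FILE
    elif ca_path_usable "${RT_CA_PATH:-/etc/ssl/certs}"; then
        PERL_LWP_SSL_CA_PATH=${RT_CA_PATH:-/etc/ssl/certs}
        export PERL_LWP_SSL_CA_PATH
    else
        echo "no hash-named CA entries in ${RT_CA_PATH:-/etc/ssl/certs}" >&2
        exit 75
    fi
    exec "$@"
)

# Run only when given a command, so sourcing the file just defines the functions.
if [ "$#" -gt 0 ]; then
    run_with_ca "$@"
    exit $?
fi
```

The arguments after the wrapper's name are the existing rt-mailgate command line, unchanged.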