[rt-users] mailgate LWP SSL error after upgrading some perl mods

Thomas Sibley trs at bestpractical.com
Wed Jan 30 17:13:33 EST 2013


On 01/30/2013 01:02 PM, Ed Santora wrote:
> Hello all,
> 
> I tried searching the archives, but couldn't find this specific error.
> 
> After upgrading a few perl modules, I starting seeing this error getting
> bounced back.
> 
> The following text was generated during the delivery attempt:
> 
> ------ pipe to |/home/web/sites/xxx.xxx.xxx/rt4/bin/rt-mailgate --queue
> test --action correspond --url https://xxx.xxx.xxx/rt/
>       generated by test at xxx.xxx.xxx ------
> 
> *******************************************************************
> Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
> is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
> together with SSL_ca_file|SSL_ca_path for verification.
> If you really don't want to verify the certificate and keep the
> connection open to Man-In-The-Middle attacks please set
> SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
> *******************************************************************
>  at /usr/local/share/perl5/LWP/Protocol/http.pm line 31.
> 
> 
> It's a registered domain (several years old) with a valid ssl cert. I
> test the cert with several sites and they all say it's valid and
> installed correctly.

Your testing doesn't mean the system running rt-mailgate is setup to
trust the CA which issued the cert.  Either install the signing CA as a
trusted CA system-wide on the mail server, or use the --ca-file argument
to rt-mailgate:

http://bestpractical.com/rt/docs/latest/rt-mailgate.html#ca-file-path

Alternatively, you can tell rt-mailgate not to care about SSL certs, but
that defeats most of the point of using SSL in the first place.



More information about the rt-users mailing list