[rt-users] mailgate LWP SSL error after upgrading some perl mods
Thomas Sibley
trs at bestpractical.com
Wed Jan 30 17:13:33 EST 2013
On 01/30/2013 01:02 PM, Ed Santora wrote:
> Hello all,
>
> I tried searching the archives, but couldn't find this specific error.
>
> After upgrading a few perl modules, I starting seeing this error getting
> bounced back.
>
> The following text was generated during the delivery attempt:
>
> ------ pipe to |/home/web/sites/xxx.xxx.xxx/rt4/bin/rt-mailgate --queue
> test --action correspond --url https://xxx.xxx.xxx/rt/
> generated by test at xxx.xxx.xxx ------
>
> *******************************************************************
> Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
> is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
> together with SSL_ca_file|SSL_ca_path for verification.
> If you really don't want to verify the certificate and keep the
> connection open to Man-In-The-Middle attacks please set
> SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
> *******************************************************************
> at /usr/local/share/perl5/LWP/Protocol/http.pm line 31.
>
>
> It's a registered domain (several years old) with a valid ssl cert. I
> test the cert with several sites and they all say it's valid and
> installed correctly.
Your testing doesn't mean the system running rt-mailgate is setup to
trust the CA which issued the cert. Either install the signing CA as a
trusted CA system-wide on the mail server, or use the --ca-file argument
to rt-mailgate:
http://bestpractical.com/rt/docs/latest/rt-mailgate.html#ca-file-path
Alternatively, you can tell rt-mailgate not to care about SSL certs, but
that defeats most of the point of using SSL in the first place.
More information about the rt-users
mailing list