[rt-users] SSL no verify function for rt cli tool? (with workaround)

Dion Gullotta Dion.Gullotta at faredge.com.au
Wed Aug 26 21:18:40 EDT 2015


Hi,

The rt-mailgate tool has a --no-verify-ssl option, I was wondering if the "rt" command line tool has a similar option?

I ask because we have a self signed cert that just doesn't seem to play nice with LWP. It used to work fine in RT3 but we upgraded to RT4 yesterday and the newer version of LWP isn't having any of it.


Cert verifies OK:
root at ariel:~# openssl verify /etc/ssl/certs/rt.ourdomain.com.au.crt
/etc/ssl/certs/rt.ourdomain.com.au.crt: OK


But rt doesn't like it:
root at ariel:~# rt list
Query:Status!='resolved' and Status!='rejected'
rt: Server error: Can't connect to rt.ourdomain.com.au:443 (certificate verify failed) (500)


Which is because of lwp:
root at ariel:~# lwp-request https://rt.ourdomain.com.au
Can't connect to rt.ourdomain.com.au:443 (certificate verify failed)
SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/share/perl/5.18.2/LWP/Protocol/http.pm line 47.


I realise this isn't an RT problem as it is really LWP, but it would be nice if the RT CLI supported a --no-verify-ssl option to workaround these situations. As it stands I had to edit the code of /opt/rt4/bin/rt and added the following on line 54 which allowed us to move forward, but this will be an issue for future upgrades:

BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;}


Any thoughts?

Cheers,

Dion Gullotta
Far Edge Technology

p. 02 84251400
http://www.faredge.com.au


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150827/3eb5be6a/attachment.htm>


More information about the rt-users mailing list