[rt-users] Change to SSL cert breaking incoming mail

asas asas at uw.edu
Wed Feb 4 19:08:29 EST 2015

>>On Wed, 4 Feb 2015 19:18:30 +0000 asas <asas at uw.edu> wrote:
>> It is a trusted CA, and the cert for the CA is present on the server.
>> That's why I'm so baffled by the problem - the whole cert chain works
>> fine with the web interface.
>Have you tried passing the CA, and it didn't work, or did you note try
>yet? Perl may be working from a different certificate store than your
>web browser.
>Alternately, try upgrading Net::SSLeay and LWP::Protocol::https.
>  - Alex

rt-mailgate doesn't work whether or not the --ca-file option is set. After tinkering with the rt-mailgate code a bit, I found that if I set the CA path in addition to the CA file, it does work (or at least, it gets as far as producing an invalid user error):

$ua->ssl_opts( SSL_ca_path => "/etc/ssl/certs/");

According to the LWP documentation, the default for SSL_ca_path is set by checking these environment variables: PERL_LWP_SSL_CA_PATH and HTTPS_CA_DIR

Since I don't want to have my crudely hacked version of rt-mailgate in use, I'd prefer to append /etc/ssl/certs/ to one of the above environment variables in a config file. Is there a place within the RT config files that this can be done?

More information about the rt-users mailing list