On 10/17/2011 11:51 AM, Luciano Ernesto da Silva wrote:
I was testing RT with a self-signed certificate (SSL). I sent an email to the
queue, but in /var/log/mail I got this:

(temporary failure. Command output: An Error Occurred =================
500 Can't connect to rt4.dev.ufrgs.br:443 (certificate verify failed) )

[snip]

As described here
http://blogs.perl.org/users/brian_d_foy/2011/07/now-you-need-lwpprotocolhttps.html
I made and applied a patch against the file rt-mailgate, around line 151:

- my $ua = LWP::UserAgent->new();

+ my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
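Review bot: `verify_hostname => 0` on the added `LWP::UserAgent->new(...)` line is hard-coded, so rt-mailgate stops checking the server certificate on every connection, not only for this test host. Keep verification on and pass the trust anchor instead, for example `ssl_opts => { verify_hostname => 1, SSL_ca_file => $ca_file }`, where `$ca_file` is a hypothetical variable holding the path to the self-signed certificate or its root CA in PEM form.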

Patch link here: http://pastebin.com/DQCH3R8L

Now Perl doesn't check the certificate, and the queues receive all messages.

*My question: Is this the correct approach for that*?

No, this is wrong from a security standpoint, although it works since you're ignoring the cert data. You'll be vulnerable to a MITM attack. You should instead take the advice of the second half of brian's blog post and tell LWP::UserAgent about your root CA or install the root CA into your operating system's list of trusted CAs (which means you don't have to patch rt-mailgate).

Thomas
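The approach recommended in the reply above (telling LWP::UserAgent about your CA rather than disabling verification), as an added example that is not part of the original thread or of rt-mailgate. The CA file path is an assumed location; `PERL_LWP_SSL_CA_FILE` is the environment variable LWP::UserAgent itself consults for its default CA file.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;    # HTTPS support also requires LWP::Protocol::https

# Assumed path (not from the thread): a PEM file holding the root CA, or the
# self-signed certificate itself, that the RT server presents.
my $ca_file = $ENV{PERL_LWP_SSL_CA_FILE} || '/etc/ssl/local/rt-ca.pem';

# Build a user agent that trusts only the given CA file.
sub build_agent {
    my ($ca) = @_;

    # Fail closed: without a readable trust anchor, refuse to continue
    # rather than falling back to an unverified connection.
    die "CA file $ca is missing or unreadable\n" unless -r $ca;

    return LWP::UserAgent->new(
        timeout  => 30,
        ssl_opts => {
            verify_hostname => 1,      # keep certificate and hostname checks on
            SSL_ca_file     => $ca,    # trust anchor for the RT server
        },
    );
}

my $url = 'https://rt4.dev.ufrgs.br/';    # host taken from the error message
my $ua  = build_agent($ca_file);
my $res = $ua->get($url);

if ($res->is_success) {
    print "TLS verified, HTTP ", $res->code, "\n";
}
elsif ($res->status_line =~ /certificate verify failed/i) {
    # Same error the mail log showed: the presented certificate does not
    # chain to the configured CA file.
    die "Certificate for $url does not chain to $ca_file\n";
}
else {
    print "Request failed: ", $res->status_line, "\n";
}
```

Because LWP::UserAgent reads `PERL_LWP_SSL_CA_FILE` on its own, exporting that variable in the environment that runs rt-mailgate is another way to supply the CA without patching the script.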