On 01/30/2013 01:02 PM, Ed Santora wrote: > Hello all, > > I tried searching the archives, but couldn't find this specific error. > > After upgrading a few perl modules, I starting seeing this error getting > bounced back. > > The following text was generated during the delivery attempt: > > ------ pipe to |/home/web/sites/xxx.xxx.xxx/rt4/bin/rt-mailgate --queue > test --action correspond --url https://xxx.xxx.xxx/rt/ > generated by [email protected] ------ > > ******************************************************************* > Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client > is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER > together with SSL_ca_file|SSL_ca_path for verification. > If you really don't want to verify the certificate and keep the > connection open to Man-In-The-Middle attacks please set > SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application. > ******************************************************************* > at /usr/local/share/perl5/LWP/Protocol/http.pm line 31. > > > It's a registered domain (several years old) with a valid ssl cert. I > test the cert with several sites and they all say it's valid and > installed correctly.
Your testing doesn't mean the system running rt-mailgate is setup to trust the CA which issued the cert. Either install the signing CA as a trusted CA system-wide on the mail server, or use the --ca-file argument to rt-mailgate: http://bestpractical.com/rt/docs/latest/rt-mailgate.html#ca-file-path Alternatively, you can tell rt-mailgate not to care about SSL certs, but that defeats most of the point of using SSL in the first place.
