CLI issues

This is probably a stupid problem but I can’t seem to get the CLI to
run over SSL:

rt list "status=‘new’"
Password:
rt: Server error: read failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure | error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure (500)

The server is configured to only listen on SSL (and authenticats with
client certs, my next likely problem). This is a running
installation, but hte person who set it up has been gone for some
time…so I’m trying to come up to speed.

Thanks,
-Jon

From poking it is clear that this hand shake failure is because the
server is requiring client verification, found this burried in a
clause in an include file…

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

-Jon

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.

Wow… if you buy the canon and two lenses from the rebate list
you get triple the rebate… so 300 off the camera and 45 off
each of the lenses instead of 100 and 15…

$1939 worth for $1549, not bad. ;)On Wed, Oct 26, 2005 at 12:53:01PM -0400, Jesse Vincent wrote:

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

Buy your copy of our new book, RT Essentials, today!

Download a free sample chapter from http://rtbook.bestpractical.com
** CRM114 Whitelisted by: mit.edu **

 www.suave.net - Anthony Ball - ant@suave.net
    OSB - http://rivendell.suave.net/Beer

PALINDROME spelled backwards is EMORDNILAP.

Wow… terribly sorry about that. Responded to COMPLETELY the wrong email.

Sigh.On Wed, Oct 26, 2005 at 12:56:06PM -0400, Anthony R. J. Ball wrote:

Wow… if you buy the canon and two lenses from the rebate list
you get triple the rebate… so 300 off the camera and 45 off
each of the lenses instead of 100 and 15…

$1939 worth for $1549, not bad. :wink:

On Wed, Oct 26, 2005 at 12:53:01PM -0400, Jesse Vincent wrote:

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

Buy your copy of our new book, RT Essentials, today!

Download a free sample chapter from http://rtbook.bestpractical.com
** CRM114 Whitelisted by: mit.edu **


www.suave.net - Anthony Ball - ant@suave.net
OSB - http://rivendell.suave.net/Beer
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PALINDROME spelled backwards is EMORDNILAP.


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

Buy your copy of our new book, RT Essentials, today!

Download a free sample chapter from http://rtbook.bestpractical.com

 www.suave.net - Anthony Ball - ant@suave.net
    OSB - http://rivendell.suave.net/Beer

“Gee, Brain, what are we gonna do tonight?” – Pinky

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.

It’s actually Crypt::SSLeay which has the support. Set the
HTTPS_CLIENT_CERT environment variable to the .pem file, and you should
be all set. See
http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT

  • Alex

:On Wed, 2005-10-26 at 12:53 -0400, Jesse Vincent wrote:
:> It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
:> don’t remember how.
:
:It’s actually Crypt::SSLeay which has the support. Set the
:HTTPS_CLIENT_CERT environment variable to the .pem file, and you should
:be all set. See
:http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT
: - Alex

Hmmm, I had libio-socket-ssl installed which seemed to get me SSL
connections (or seemed to as the error message changed).

Crypt::SSLeay also claims to support pkcs12 like mozilla loves to
export with:

$ENV{HTTPS_PKCS12_FILE} = ���certs/pkcs12.pkcs12���;
$ENV{HTTPS_PKCS12_PASSWORD} = ���PKCS12_PASSWORD���;

One wonders why I’d bother with a password if I need to keep it in my
ENV…not exactly an RT issue but if you know a fix for that I’m all
ears.

Thanks,
-Jon