CLI issues

Jonathan_D_Proulx · October 25, 2005, 9:11pm

This is probably a stupid problem but I can’t seem to get the CLI to
run over SSL:

rt list "status=‘new’"
Password:
rt: Server error: read failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure | error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure (500)

The server is configured to only listen on SSL (and authenticats with
client certs, my next likely problem). This is a running
installation, but hte person who set it up has been gone for some
time…so I’m trying to come up to speed.

Thanks,
-Jon

Jonathan_D_Proulx · October 26, 2005, 4:17pm

From poking it is clear that this hand shake failure is because the
server is requiring client verification, found this burried in a
clause in an include file…

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

-Jon

Jesse_Vincent · October 26, 2005, 4:53pm

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.

Anthony_R_J_Ball · October 26, 2005, 4:56pm

Wow… if you buy the canon and two lenses from the rebate list
you get triple the rebate… so 300 off the camera and 45 off
each of the lenses instead of 100 and 15…

$1939 worth for $1549, not bad. ;)On Wed, Oct 26, 2005 at 12:53:01PM -0400, Jesse Vincent wrote:

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.

The rt-users Archives

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

Buy your copy of our new book, RT Essentials, today!

Download a free sample chapter from http://rtbook.bestpractical.com
** CRM114 Whitelisted by: mit.edu **

 www.suave.net - Anthony Ball - ant@suave.net
    OSB - http://rivendell.suave.net/Beer

PALINDROME spelled backwards is EMORDNILAP.

Anthony_R_J_Ball · October 26, 2005, 5:06pm

Wow… terribly sorry about that. Responded to COMPLETELY the wrong email.

Sigh.On Wed, Oct 26, 2005 at 12:56:06PM -0400, Anthony R. J. Ball wrote:

Wow… if you buy the canon and two lenses from the rebate list
you get triple the rebate… so 300 off the camera and 45 off
each of the lenses instead of 100 and 15…

$1939 worth for $1549, not bad.

On Wed, Oct 26, 2005 at 12:53:01PM -0400, Jesse Vincent wrote:

does the RT CLI understand client certs (if so how) or do I need to
start writing my own?

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.

The rt-users Archives

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

Buy your copy of our new book, RT Essentials, today!

Download a free sample chapter from http://rtbook.bestpractical.com
** CRM114 Whitelisted by: mit.edu **

–
www.suave.net - Anthony Ball - ant@suave.net
OSB - http://rivendell.suave.net/Beer
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PALINDROME spelled backwards is EMORDNILAP.

The rt-users Archives

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

Buy your copy of our new book, RT Essentials, today!

Download a free sample chapter from http://rtbook.bestpractical.com

 www.suave.net - Anthony Ball - ant@suave.net
    OSB - http://rivendell.suave.net/Beer

“Gee, Brain, what are we gonna do tonight?” – Pinky

Alex_Vandiver · October 26, 2005, 8:06pm

It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
don’t remember how.

It’s actually Crypt::SSLeay which has the support. Set the
HTTPS_CLIENT_CERT environment variable to the .pem file, and you should
be all set. See

Alex

Jonathan_D_Proulx · October 26, 2005, 8:31pm

:On Wed, 2005-10-26 at 12:53 -0400, Jesse Vincent wrote:
:> It uses perl’s lib-www-perl. Which, iirc, handles client certs. But I
:> don’t remember how.
:
:It’s actually Crypt::SSLeay which has the support. Set the
:HTTPS_CLIENT_CERT environment variable to the .pem file, and you should
:be all set. See
:http://search.cpan.org/~chamas/Crypt-SSLeay-0.51/SSLeay.pm#CLIENT_CERTIFICATE_SUPPORT
: - Alex

Hmmm, I had libio-socket-ssl installed which seemed to get me SSL
connections (or seemed to as the error message changed).

Crypt::SSLeay also claims to support pkcs12 like mozilla loves to
export with:

$ENV{HTTPS_PKCS12_FILE} = ��certs/pkcs12.pkcs12��;
$ENV{HTTPS_PKCS12_PASSWORD} = ��PKCS12_PASSWORD��;

One wonders why I’d bother with a password if I need to keep it in my
ENV…not exactly an RT issue but if you know a fix for that I’m all
ears.

Thanks,
-Jon