Mailgate LWP SSL error after upgrading some perl mods

Hello all,

I tried searching the archives, but couldn’t find this specific error.

After upgrading a few perl modules, I starting seeing this error getting
bounced back.

The following text was generated during the delivery attempt:

------ pipe to |/home/web/sites/xxx.xxx.xxx/rt4/bin/rt-mailgate --queue
test --action correspond --url https://xxx.xxx.xxx/rt/
generated by test@xxx.xxx.xxx ------

Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don’t want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.
at /usr/local/share/perl5/LWP/Protocol/http.pm line 31.

It’s a registered domain (several years old) with a valid ssl cert. I test
the cert with several sites and they all say it’s valid and installed
correctly.

Any ideas?

Thanks!

-Ed

Ed Santora, Senior System Administrator
Harvard University, Academic Computing
Division of Continuing Education

Hello all,

I tried searching the archives, but couldn’t find this specific error.

After upgrading a few perl modules, I starting seeing this error getting
bounced back.

The following text was generated during the delivery attempt:

------ pipe to |/home/web/sites/xxx.xxx.xxx/rt4/bin/rt-mailgate --queue
test --action correspond --url https://xxx.xxx.xxx/rt/
generated by test@xxx.xxx.xxx ------


Using the default of SSL_verify_mode of SSL_VERIFY_NONE for client
is deprecated! Please set SSL_verify_mode to SSL_VERIFY_PEER
together with SSL_ca_file|SSL_ca_path for verification.
If you really don’t want to verify the certificate and keep the
connection open to Man-In-The-Middle attacks please set
SSL_verify_mode explicitly to SSL_VERIFY_NONE in your application.


at /usr/local/share/perl5/LWP/Protocol/http.pm line 31.

It’s a registered domain (several years old) with a valid ssl cert. I
test the cert with several sites and they all say it’s valid and
installed correctly.

Your testing doesn’t mean the system running rt-mailgate is setup to
trust the CA which issued the cert. Either install the signing CA as a
trusted CA system-wide on the mail server, or use the --ca-file argument
to rt-mailgate:

http://bestpractical.com/rt/docs/latest/rt-mailgate.html#ca-file-path

Alternatively, you can tell rt-mailgate not to care about SSL certs, but
that defeats most of the point of using SSL in the first place.