Rt-mailgate ignoring --no-verify-ssl?

Mailgate has been driving me nuts. I downloaded 4.2.10 and set it up
on a bright, shiny new server.

I’m running fetchmail on my RT box using the following to send tickets to RT:

poll mail.mydomain.tld with protocol pop3
username engineering password -redacted- mda
"/opt/rt4/bin/rt-mailgate --no-verify-ssl --queue engineering --action correspond --url https://tickets.mydomain.tld --debug"

Fetchmail complains about the MDA erroring out. Increasing fetchmail
debugging shows:

fetchmail: about to deliver with: /opt/rt4/bin/rt-mailgate --no-verify-ssl --queue engineering --action correspond --url https://tickets.mydomain.tld/ --debug
#***/opt/rt4/bin/rt-mailgate: temp file is '/tmp/Ax6Or2dgc1/23FBulXCfc'
/opt/rt4/bin/rt-mailgate: connecting to https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443 (certificate verify failed). Your webserver logs may have more information or there may be a network problem.

/opt/rt4/bin/rt-mailgate: undefined server error
fetchmail: MDA returned nonzero status 75
not flushed
fetchmail: POP3> QUIT

I even get an SSL error when running from the command line:

root@tickets:/opt# /opt/rt4/bin/rt-mailgate --no-verify-ssl --queue engineering --action correspond --url https://tickets.mydomain.tld/ --debug
test <ctrl+d>
/opt/rt4/bin/rt-mailgate: temp file is '/tmp/9vlYhx9C9X/kI4IQo0RRw'
/opt/rt4/bin/rt-mailgate: connecting to https://tickets.mydomain.tld//REST/1.0/NoAuth/mail-gateway
HTTP request failed: 500 Can't connect to tickets.mydomain.tld:443 (certificate verify failed). Your webserver logs may have more information or there may be a network problem.

/opt/rt4/bin/rt-mailgate: undefined server error
root@tickets:/opt#

It’s acting like it’s ignoring --no-verify-ssl.

Am I missing something?

Thanks,

-A

Fixed it. Apparently --no-verify-ssl only deals with the hostname on
the certificate.

I added the following to the ‘use’ section at the top of rt-mailgate:

use IO::Socket::SSL;

and then in the get_useragent function, I added the following ssl_opts line:

$ua->ssl_opts( SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE );

Now my legitimately signed wildcard cert (*.mydomain.tld) doesn’t
error out because of a bad hostname, or an untrusted cert in the
middle of the chain.

-A

On Wed, Apr 29, 2015 at 9:01 PM, Aaron C. de Bruyn aaron@heyaaron.com wrote:


Hi,

Could you show me how you add

$ua->ssl_opts( SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE );

into your rt-mailgate?

Thanks

Luigi

You would have to edit the rt-mailgate file on your Linux box and add that line.

If you are unfamiliar with managing Linux systems or editing files in Linux, here is a page describing how to use ‘nano’ on Linux to edit files:

https://www.linode.com/docs/tools-reference/tools/use-nano-text-editor-commands/

-A

I made a branch (4.4/mailgate-set-ssl-verify-mode) to fix this issue, which will likely be included in future releases.

Thanks.
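
The workaround posted earlier in this thread sets SSL_VERIFY_NONE, which makes the gateway accept any certificate from any host. The following is an added example, not RT's code and not written by anyone in this thread: it puts that setting next to a variant that keeps verification on and instead trusts a named CA bundle, for the case where the failure comes from an untrusted certificate in the chain. The helper name `build_useragent` and its `ca_file` and `insecure` arguments are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not RT's code: build an LWP::UserAgent either with the
# thread's workaround or with verification kept on.
use strict;
use warnings;
use LWP::UserAgent;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and SSL_VERIFY_NONE

# Hypothetical helper. Arguments (names are assumptions):
#   ca_file  => PEM bundle holding the root and any intermediate
#               certificate the server does not send itself
#   insecure => true reproduces the workaround from the thread
sub build_useragent {
    my (%args) = @_;
    my $ua = LWP::UserAgent->new( timeout => 30 );

    if ( $args{insecure} ) {
        # Workaround from the thread: no chain check, no hostname check.
        $ua->ssl_opts(
            verify_hostname => 0,
            SSL_verify_mode => SSL_VERIFY_NONE,
        );
        return $ua;
    }

    # Verified variant: the chain must validate and the name must match.
    $ua->ssl_opts(
        verify_hostname => 1,
        SSL_verify_mode => SSL_VERIFY_PEER,
    );
    if ( defined $args{ca_file} ) {
        die "CA bundle $args{ca_file} is not readable\n"
            unless -r $args{ca_file};
        $ua->ssl_opts( SSL_ca_file => $args{ca_file} );
    }
    return $ua;
}

# Offline demonstration: print the options each variant would pass on to
# IO::Socket::SSL. No connection is made.
for my $case ( [ verified => () ], [ insecure => ( insecure => 1 ) ] ) {
    my ( $label, %args ) = @$case;
    my $ua = build_useragent(%args);
    printf "%-9s verify_hostname=%d SSL_verify_mode=%d\n", $label,
        $ua->ssl_opts('verify_hostname') ? 1 : 0,
        $ua->ssl_opts('SSL_verify_mode');
}
```

A wildcard certificate such as *.mydomain.tld matches tickets.mydomain.tld under normal hostname verification, so once the chain validates against the bundle the verified variant needs no further relaxation.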