Rt3 mail gateway and ssl

Mixo · May 21, 2003, 11:32am

While testing an installation of rt 3 (3.0.2) I got:
[root@dhcp0 smrsh]# /opt/rt3/bin/rt-mailgate --queue general --action
correspond --url https://dhcp0/
from:test
subject:test
to:rt

wiyui yuiuy iuyi
uijoljk
.
An Error Occurred

501 Protocol scheme ‘https’ is not supported

Does this mean ssl is not supported by the mail gateway or something else?

Hermann_Stern · May 21, 2003, 11:54am

Hi!

If you have Login via REMOTE User set to ON (so rt loggs in automatically
if it finds some login information - if you protect this dir per
.htaccess for example) und you hit LOGOUT - > you get to
NoAuth/Logout.html, but then there is a META REFRESH Set to http://RT
Url, so you alway get back to RT Front Url, and then Logged in => so you
cant logout

Help: Nuke this META REFRESH line from NoAuth/Logout.html

Hermann

Hermann_Stern · May 21, 2003, 11:56am

Hi!

=================

501 Protocol scheme ‘https’ is not supported

Does this mean ssl is not supported by the mail gateway or something else?

Try -url http://your.site.com:443. Because i have protected my site per
.httaccess file, this doesn’t work, but maybe without it does.
(Port 443 is SSL in most systems)

Hermann

Michael_van_Elst · May 21, 2003, 12:51pm

501 Protocol scheme ‘https’ is not supported
Does this mean ssl is not supported by the mail gateway or something else?

Try -url http://your.site.com:443. Because i have protected my site per
.httaccess file, this doesn’t work, but maybe without it does.
(Port 443 is SSL in most systems)

Talking HTTP to port 443 does not help.

The message comes from LWP that can’t load the https protocol module,
probably because Net::SSLeay or Crypt::SSLeay hasn’t been installed
yet.

CPAN is your friend

Greetings,
,eM"“=. a”-. Michael van Elst
dWWMWM" - :GM==; mlelstv@dev.de.cw.net
:WWMWMw=–. "W=’ cable & wireless
9WWMm==-.
“-Wmw-” CABLE & WIRELESS

Kristian_Ronningen · May 21, 2003, 1:04pm

501 Protocol scheme ‘https’ is not supported
Does this mean ssl is not supported by the mail gateway or something else?

The docs say “If you intend to use SSL to secure your mail gateway, you
need to make sure that lib-www-perl, a.k.a LWP, is built with SSL
support.”

There is a separate CPAN-module that gives LWP this functionality, but I
can’t remember the name.

Kristian Rï¿½nningen krmm@nordkapp.net

Ian_Grant · May 21, 2003, 1:52pm

501 Protocol scheme ‘https’ is not supported
Does this mean ssl is not supported by the mail gateway or something else?

Try -url http://your.site.com:443. Because i have protected my site per
.httaccess file, this doesn’t work, but maybe without it does.
(Port 443 is SSL in most systems)

Talking HTTP to port 443 does not help.

The message comes from LWP that can’t load the https protocol module,
probably because Net::SSLeay or Crypt::SSLeay hasn’t been installed
yet.

CPAN is your friend

I had the same problem and after trawling the rt-{users,devel} archives I installed Net_SSLeay.pm-1.22.tar.gz but I got the same result (yes, I restarted apache.) Then I re-installed LWP and restarted apache and I still got the same error. In the end I configured apache to open up HTTP access from the mailgate host (in this case localhost) and it seems to work.

If anyone solves this problem properly I would be most interested in the recipe.

Ian
Ian Grant, Computer Lab., William Gates Building, JJ Thomson Ave., Cambridge
Phone: +44 1223 334420

Hermann_Stern · May 21, 2003, 2:14pm

Installed
C/CH/CHAMAS/Crypt-SSLeay-0.49.tar.gz
and works now also with https.

HermannOn Wed, 21 May 2003, Ian Grant wrote:

On Wed, May 21, 2003, Hermann Stern wrote:

501 Protocol scheme ‘https’ is not supported
Does this mean ssl is not supported by the mail gateway or something else?

Try -url http://your.site.com:443. Because i have protected my site per
.httaccess file, this doesn’t work, but maybe without it does.
(Port 443 is SSL in most systems)

Talking HTTP to port 443 does not help.

The message comes from LWP that can’t load the https protocol module,
probably because Net::SSLeay or Crypt::SSLeay hasn’t been installed
yet.

CPAN is your friend

I had the same problem and after trawling the rt-{users,devel} archives I installed Net_SSLeay.pm-1.22.tar.gz but I got the same result (yes, I restarted apache.) Then I re-installed LWP and restarted apache and I still got the same error. In the end I configured apache to open up HTTP access from the mailgate host (in this case localhost) and it seems to work.

If anyone solves this problem properly I would be most interested in the recipe.

Ian

Ian Grant, Computer Lab., William Gates Building, JJ Thomson Ave., Cambridge
Phone: +44 1223 334420

Sebastian_Flothow1 · May 21, 2003, 3:39pm

Help: Nuke this META REFRESH line from NoAuth/Logout.html

No - this would just give users a false sense of security, since they
aren’t logged out. With external auth, it’s impossible to log out, at
least via server-side mechanisms.

Sebastian

Sebastian Flothow
sebastian@flothow.de

Because it reverses the logical flow of conversation.
Why is top posting frowned upon?

Autrijus_Tang · May 21, 2003, 5:05pm

Help: Nuke this META REFRESH line from NoAuth/Logout.html

No - this would just give users a false sense of security, since they
aren’t logged out. With external auth, it’s impossible to log out, at
least via server-side mechanisms.

It is indeed possible. All you need is to hook up a mod_perl
handler that consistently returns AUTH_REQUIRED, coupled with
a cookie that tracks the state of changes.

Please refer to line 122 and below in:
http://p4.elixus.org/depot/pause/lib/pause_1999/authen_user.pm

for a concrete example (that runs pause.perl.org).

Thanks,
/Autrijus/

Mixo · May 22, 2003, 7:16am

Ian Grant wrote:

I had the same problem and after trawling the rt-{users,devel} archives I installed Net_SSLeay.pm-1.22.tar.gz but I got the same result (yes, I restarted apache.) Then I re-installed LWP and restarted apache and I still got the same error. In the end I configured apache to open up HTTP access from the mailgate host (in this case localhost) and it seems to work.

If anyone solves this problem properly I would be most interested in the recipe.

Ian

Installing Crypt::SSLeay did the trick.

Hermann_Stern · May 23, 2003, 7:25am

So that means RT should hide the LOGOUT Button from UI, if
the user is logged in via REMOTE_User.
No funcionality => no button

HermannOn Wed, 21 May 2003, Sebastian Flothow wrote:

Help: Nuke this META REFRESH line from NoAuth/Logout.html

No - this would just give users a false sense of security, since they
aren’t logged out. With external auth, it’s impossible to log out, at
least via server-side mechanisms.

Sebastian

–
Sebastian Flothow
sebastian@flothow.de

Because it reverses the logical flow of conversation.
Why is top posting frowned upon?

rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm