Hi,
The rt-mailgate tool has a --no-verify-ssl option, I was wondering if the “rt” command line tool has a similar option?
I ask because we have a self signed cert that just doesn’t seem to play nice with LWP. It used to work fine in RT3 but we upgraded to RT4 yesterday and the newer version of LWP isn’t having any of it.
Cert verifies OK:
root@ariel:~# openssl verify /etc/ssl/certs/rt.ourdomain.com.au.crt
/etc/ssl/certs/rt.ourdomain.com.au.crt: OK
But rt doesn’t like it:
root@ariel:~# rt list
Query:Status!=‘resolved’ and Status!=‘rejected’
rt: Server error: Can’t connect to rt.ourdomain.com.au:443 (certificate verify failed) (500)
Which is because of lwp:
root@ariel:~# lwp-request https://rt.ourdomain.com.au
Can’t connect to rt.ourdomain.com.au:443 (certificate verify failed)
SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/share/perl/5.18.2/LWP/Protocol/http.pm line 47.
I realise this isn’t an RT problem as it is really LWP, but it would be nice if the RT CLI supported a --no-verify-ssl option to workaround these situations. As it stands I had to edit the code of /opt/rt4/bin/rt and added the following on line 54 which allowed us to move forward, but this will be an issue for future upgrades:
BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;}
Any thoughts?
Cheers,
Dion Gullotta
Far Edge Technology
p. 02 84251400