SSL no verify function for rt cli tool? (with workaround)

Hi,

The rt-mailgate tool has a --no-verify-ssl option, I was wondering if the “rt” command line tool has a similar option?

I ask because we have a self signed cert that just doesn’t seem to play nice with LWP. It used to work fine in RT3 but we upgraded to RT4 yesterday and the newer version of LWP isn’t having any of it.

Cert verifies OK:
root@ariel:~# openssl verify /etc/ssl/certs/rt.ourdomain.com.au.crt
/etc/ssl/certs/rt.ourdomain.com.au.crt: OK

But rt doesn’t like it:
root@ariel:~# rt list
Query:Status!=‘resolved’ and Status!='rejected’
rt: Server error: Can’t connect to rt.ourdomain.com.au:443 (certificate verify failed) (500)

Which is because of lwp:
root@ariel:~# lwp-request https://rt.ourdomain.com.au
Can’t connect to rt.ourdomain.com.au:443 (certificate verify failed)
SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/local/share/perl/5.18.2/LWP/Protocol/http.pm line 47.

I realise this isn’t an RT problem as it is really LWP, but it would be nice if the RT CLI supported a --no-verify-ssl option to workaround these situations. As it stands I had to edit the code of /opt/rt4/bin/rt and added the following on line 54 which allowed us to move forward, but this will be an issue for future upgrades:

BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;}

Any thoughts?

Cheers,

Dion Gullotta
Far Edge Technology

p. 02 84251400
http://www.faredge.com.au

I realise this isn�t an RT problem as it is really LWP, but it would be
nice if the RT CLI supported a --no-verify-ssl option to workaround
these situations. As it stands I had to edit the code of /opt/rt4/bin/rt
and added the following on line 54 which allowed us to move forward, but
this will be an issue for future upgrades:

BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;}

You don’t have to modify the code.
You can set “export PERL_LWP_SSL_VERIFY_HOSTNAME=0” somewhere on the
client host (/etc/environment or ~/.bashrc of the user who use the rt
client).

But remember that this will affect all LWP calls.

Chris