rdm-mailhandler.rb chokes on self-signed certificate
Added by Jérôme L over 9 years ago
Hi all.
I'm trying to setup email reception as per the doc : http://www.redmine.org/projects/redmine/wiki/RedmineReceivingEmails
I don't think it is related but it may be worth mentionning that my setup is a bit different from the doc because my Redmine instance is hosted as redmine.domain.tld and from Postfix perspective, it is a hosted domain.
I redirect all mail to redmine using a dedicated transport :
main.cf contains :
virtual_mailbox_domains = redmine.domain.tld virtual_mailbox_base = /var/mail virtual_mailbox_maps = hash:/etc/postfix/vmailbox transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport
redmine.domain.tld redmine:
/etc/postfix/vmailbox
@redmine.domain.tld whatever
I created a redmine system user and added this in master.cf
redmine unix - n n - - pipe flags=FR user=redmine argv=/usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb --url https://redmine.domain.tld --key gkAnuGEX5xSuY5tBxSPe" --project projet-test
And here is what Postfix says :
Jul 7 17:48:02 prod postfix/pipe19025: 4F35421E91: to=<redmine@redmine.domain.tld>, relay=redmine, delay=0.24, delays=0.05/0.01/0/0.18, dsn=5.3.0, status=bounced (Command died with status 1: "/usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb". Command output: /usr/lib/ruby/2.1.0/net/http.rb:920:in `connect': SSL_connect returned=1 errno=0 state=unknown state: certificate verify failed (OpenSSL::SSL::SSLError) from /usr/lib/ruby/2.1.0/net/http.rb:920:in `block in connect' from /usr/lib/ruby/2.1.0/timeout.rb:76:in `timeout' from /usr/lib/ruby/2.1.0/net/http.rb:920:in `connect' from /usr/lib/ruby/2.1.0/net/http.rb:863:in `do_start' from /usr/lib/ruby/2.1.0/net/http.rb:852:in `start' from /usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb:36:in `post_form' from /usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb:131:in `submit' from /usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb:178:in `<main>' )
I'm using a self-signed certificate. I know it is not ideal. Anyway, did anybody already encounter this? Any workaround?
BTW, until everything is working, I'm not 100% sure of the setup as soon as it diverges from the doc, so any comment is welcome.
Thanks.