sub UpgradeConnection($) {
my ($ldap) = @_;
- my $mesg = $ldap->start_tls();
+ my $mesg = $ldap->start_tls(
+ verify => 'require',
+ cafile => '/etc/ssl/certs/spi-cacert-2008.pem'
+ );
$mesg->sync;
if ($mesg->code != LDAP_SUCCESS) {
print "Content-type: text/html; charset=utf-8\n\n";