From: Paul Wise <pabs@debian.org>
Date: Wed, 7 Jan 2015 06:43:04 +0000 (+0800)
Subject: We still have some debian.org certs signed by SPI and USERFirst
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=b87d468a5bfc69a0e8390e7484e9bb6d225e404e;p=mirror%2Fdsa-puppet.git

We still have some debian.org certs signed by SPI and USERFirst
---

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index 7c9ffd67b..0ae64aa4e 100644
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -17,7 +17,7 @@ class ssl {
 	}
 	file { '/etc/ca-certificates-debian.conf':
 		mode    => '0444',
-		content => "# This file is under puppet control\n# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README\nmozilla/AddTrust_External_Root.crt\n",
+		content => "# This file is under puppet control\n# Only the CAs for debian.org are trusted, see /etc/ssl/ca-debian/README\nmozilla/AddTrust_External_Root.crt\nmozilla/UTN_USERFirst_Hardware_Root_CA.crt\nspi-inc.org/spi-cacert-2008.crt\n",
 		notify  => Exec['refresh_ca_debian_hashes'],
 	}
 	file { '/etc/ca-certificates-global.conf':