Use the correct cert when connecting to the LDAP server
diff --git a/Util.pm b/Util.pm
index 14fab61..92ea455 100644 (file)
--- a/Util.pm
+++ b/Util.pm
@@ -357,7 +357,12 @@ sub ReadConfigFile {
 
 sub UpgradeConnection($) {
   my ($ldap) = @_;
-  my $mesg = $ldap->start_tls();
+  my $mesg = $ldap->start_tls(
+                          verify => 'require',
+                          # Cannot specify the server cert, must specify the CA cert
+                          #cafile => '/etc/ssl/servicecerts/db.debian.org.crt'
+                          cafile => '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem'
+                          );
   $mesg->sync;
   if ($mesg->code != LDAP_SUCCESS) {
     print "Content-type: text/html; charset=utf-8\n\n";
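Review bot: The `cafile` passed to `start_tls` in UpgradeConnection is a hard-coded path to a public root CA, so the connection accepts any chain that root anchors, and with `verify => 'require'` every upgrade will fail once the LDAP server's certificate is reissued under a different CA. The hunk header shows this file already has `ReadConfigFile`, so the path would be better taken from the configuration with the current value as the default; the config variable itself is not visible here. Whether the server name is also matched against the certificate depends on the installed Net::LDAP version, which is worth confirming on the host, since chain validation alone does not bind the connection to this server. The commented-out `#cafile` line could be replaced by a comment such as `# cafile must be the issuing CA, not the server's own cert; update it when the server cert changes issuer`. The body of UpgradeConnection continues past the end of the hunk.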