Use $config{sslcafile} instead of hardcoding the path to the SSL CA in Util.pm.
authorPeter Palfrader <peter@palfrader.org>
Sat, 3 Jan 2015 12:57:07 +0000 (13:57 +0100)
committerPeter Palfrader <peter@palfrader.org>
Sat, 3 Jan 2015 12:57:07 +0000 (13:57 +0100)
Util.pm
debian/changelog

diff --git a/Util.pm b/Util.pm
index 92974b3..9b3a298 100644 (file)
--- a/Util.pm
+++ b/Util.pm
@@ -416,10 +416,7 @@ sub UpgradeConnection($) {
   my ($ldap) = @_;
   my $mesg = $ldap->start_tls(
                           verify => 'require',
-                          # Cannot specify the server cert, must specify the CA cert
-                          #cafile => '/etc/ssl/servicecerts/db.debian.org.crt'
-                          #cafile => '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem'
-                          cafile => '/usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt'
+                          cafile => $config{sslcafile},
                           );
   $mesg->sync;
   if ($mesg->code != LDAP_SUCCESS) {
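Review bot: The new `cafile => $config{sslcafile}` line passes the value through unchecked, so a configuration file that predates this key hands `undef` to `start_tls` as the trust anchor. With `verify => 'require'`, the result then depends on the installed Net::LDAP and IO::Socket::SSL versions: presumably either an opaque handshake failure or verification against a default CA store, rather than the single pinned CA the old code enforced. I would fail closed before the call, e.g. `die "sslcafile is not set or not readable\n" unless defined $config{sslcafile} && -r $config{sslcafile};`, adapted to the module's usual error path. The removed comment noting that the value must be the CA certificate and not the server certificate is worth carrying over to wherever `sslcafile` is documented. UpgradeConnection's body continues past the end of this hunk, so its existing error handling is not visible here.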
index 773f9af..3a394bd 100644 (file)
@@ -2,8 +2,10 @@ userdir-ldap-cgi (0.3.40) UNRELEASED; urgency=medium
 
   * Add dependency on libcrypt-cbc-perl.
   * Use $config{maildomain} in update.cgi instead of hardcoded db.d.o.
+  * Use $config{sslcafile} instead of hardcoding the path to the SSL CA
+    in Util.pm.
 
- -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:49:22 +0100
+ -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:56:47 +0100
 
 userdir-ldap-cgi (0.3.39) unstable; urgency=medium