From 69124a32dd2d4e722e04b7258457532f973e6f09 Mon Sep 17 00:00:00 2001
From: Paul Wise <pabs@debian.org>
Date: Thu, 6 Nov 2014 18:50:27 +0800
Subject: [PATCH] Use the correct cert when connecting to the LDAP server

---
 Util.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Util.pm b/Util.pm
index 27060d7..92ea455 100644
--- a/Util.pm
+++ b/Util.pm
@@ -359,7 +359,9 @@ sub UpgradeConnection($) {
   my ($ldap) = @_;
   my $mesg = $ldap->start_tls(
                           verify => 'require',
-                          cafile => '/etc/ssl/certs/spi-cacert-2008.pem'
+                          # Cannot specify the server cert, must specify the CA cert
+                          #cafile => '/etc/ssl/servicecerts/db.debian.org.crt'
+                          cafile => '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem'
                           );
   $mesg->sync;
   if ($mesg->code != LDAP_SUCCESS) {
-- 
2.20.1