From c4f7f37b019553aabda9ae50d88c71d7ac7cf5e5 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 3 Jan 2015 13:57:07 +0100
Subject: [PATCH] Use $config{sslcafile} instead of hardcoding the path to the
 SSL CA in Util.pm.

---
 Util.pm          | 5 +----
 debian/changelog | 4 +++-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/Util.pm b/Util.pm
index 92974b3..9b3a298 100644
--- a/Util.pm
+++ b/Util.pm
@@ -416,10 +416,7 @@ sub UpgradeConnection($) {
   my ($ldap) = @_;
   my $mesg = $ldap->start_tls(
                           verify => 'require',
-                          # Cannot specify the server cert, must specify the CA cert
-                          #cafile => '/etc/ssl/servicecerts/db.debian.org.crt'
-                          #cafile => '/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem'
-                          cafile => '/usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt'
+                          cafile => $config{sslcafile},
                           );
   $mesg->sync;
   if ($mesg->code != LDAP_SUCCESS) {
diff --git a/debian/changelog b/debian/changelog
index 773f9af..3a394bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,10 @@ userdir-ldap-cgi (0.3.40) UNRELEASED; urgency=medium
 
   * Add dependency on libcrypt-cbc-perl.
   * Use $config{maildomain} in update.cgi instead of hardcoded db.d.o.
+  * Use $config{sslcafile} instead of hardcoding the path to the SSL CA
+    in Util.pm.
 
- -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:49:22 +0100
+ -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:56:47 +0100
 
 userdir-ldap-cgi (0.3.39) unstable; urgency=medium
 
-- 
2.20.1