X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=dgit;h=eea4dbc53fbbbd5e89022116ada26abfbec82a24;hp=1aea272c413a246eaad93ae1672dee4a3253254e;hb=380552def4af93d4f299a706a9c01e8db2f725d0;hpb=650fbf1f44c1331c5206c468d2245b62b4221123

diff --git a/dgit b/dgit
index 1aea272c..eea4dbc5 100755
--- a/dgit
+++ b/dgit
@@ -452,6 +452,10 @@ our %defcfg = ('dgit.default.distro' => 'debian',
  'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
  'dgit-distro.debian.archive-query-tls-key',
     '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+#
+# 'dgit-distro.debian.archive-query-tls-curl-args',
+#   '--ca-path=/etc/ssl/ca-debian',
+# ^ this is a workaround but works (only) on DSA-administered machines
 	       'dgit-distro.debian.diverts.alioth' => '/alioth',
 	       'dgit-distro.debian/alioth.git-host' => 'git.debian.org',
 	       'dgit-distro.debian/alioth.git-user-force' => '',
@@ -706,7 +710,7 @@ sub archive_api_query_cmd ($) {
     my $url = access_cfg('archive-query-url');
     if ($url =~ m#^https://([-.0-9a-z]+)/#) {
 	my $host = $1;
-	my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF');
+	my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF') //'';
 	foreach my $key (split /\:/, $keys) {
 	    $key =~ s/\%HOST\%/$host/g;
 	    if (!stat $key) {
@@ -716,6 +720,10 @@ sub archive_api_query_cmd ($) {
 	    push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
 	    last;
 	}
+	# Fixing #790093 properly will involve providing a value
+	# for this on clients.
+	my $keys = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
+	push @cmd, split / /, $keys if defined $keys;
     }
     push @cmd, $url.$subpath;
     return @cmd;