TLS keys: Cope if archive-query-tls-key unset

[dgit.git] / dgit

diff --git a/dgit b/dgit
index c84fb80e40f4cd4359c064d0d696261c21426545..4986dd081e35142222cd1152d9e18eababd5c763 100755 (executable)
--- a/dgit
+++ b/dgit
@@ -706,14 +706,14 @@ sub archive_api_query_cmd ($) {
     my $url = access_cfg('archive-query-url');
     if ($url =~ m#^https://([-.0-9a-z]+)/#) {
        my $host = $1;
-       my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF');
+       my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF') //'';
        foreach my $key (split /\:/, $keys) {
            $key =~ s/\%HOST\%/$host/g;
            if (!stat $key) {
                fail "for $url: stat $key: $!" unless $!==ENOENT;
                next;
            }
-           push @cmd, "--ca-certificate=$key", "--ca-directory=/dev/enoent";
+           push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
            last;
        }
     }
@@ -1693,7 +1693,7 @@ sub dopush ($) {
        create_remote_git_repo();
     }
     runcmd_ordryrun @git, qw(push),access_giturl(),
-        $forceflag."HEAD:".rrref(), "refs/tags/$tag";
+        $forceflag."HEAD:".rrref(), $forceflag."refs/tags/$tag";
     runcmd_ordryrun @git, qw(update-ref -m), 'dgit push', lrref(), 'HEAD';
 
     if ($we_are_responder) {