From 881a1af1948d529a77fafc4c41b976df79f13991 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: May 14 2021 18:42:12 +0000
Subject: Pass /etc/ipa/ca.crt if it exists to libcurl, else rely on system

Don't pass a non-existant file to libcurl because it overrides the system-wide trust and the connection will fail since there is no chain.

https://pagure.io/certmonger/issue/132
---
diff --git a/src/ipa.c b/src/ipa.c
index 361cec9..c47a6e3 100644
--- a/src/ipa.c
+++ b/src/ipa.c
@@ -1076,7 +1076,10 @@ main(int argc, const char **argv)
 /* Start backfilling defaults, both hard-coded and from the IPA
 * configuration. */
 if (cainfo == NULL) {
- cainfo = "/etc/ipa/ca.crt";
+ struct stat st;
+ if (stat("/etc/ipa/ca.crt", &st) == 0) {
+ cainfo = "/etc/ipa/ca.crt";
+ }
 }
 if ((host == NULL) || (xmlrpc_uri == NULL) || (ldap_uri == NULL) || (basedn == NULL)) {
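Review bot: When `stat()` fails at `if (stat("/etc/ipa/ca.crt", &st) == 0)`, `cainfo` silently stays NULL, which per the commit message makes libcurl use the system-wide trust store; the CAs accepted for the IPA connection then widen from the IPA CA alone to every CA the system trusts, and this happens on any failure (for example EACCES), not only when the file is absent. I would take the fallback only when `errno == ENOENT` and emit a diagnostic through the helper's existing error reporting stating that the system trust store is in use, so the change of trust anchor is visible to whoever operates the host. The test also accepts a directory or other non-regular file; `if (stat("/etc/ipa/ca.crt", &st) == 0 && S_ISREG(st.st_mode)) {` would be tighter. The hunk adds no `#include <sys/stat.h>`, so confirm src/ipa.c already has it; main() begins and ends outside the hunk, so later uses of `cainfo` are not visible here.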