From 7dee967dd72fd824e6042031551e37701229d6d6 Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@gmail.com>
Date: Fri, 25 Jul 2014 10:01:31 -0400
Subject: [PATCH] Attempt to use /etc/ssl/certs/ca-certificates.crt if no
 CACERTS are available. On Debian, this is the default location for
 system-wide trust anchors.

---
 cipherscan | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/cipherscan b/cipherscan
index c38bc85..c6becef 100755
--- a/cipherscan
+++ b/cipherscan
@@ -8,7 +8,14 @@
 DOBENCHMARK=0
 BENCHMARKITER=30
 OPENSSLBIN="$(dirname $0)/openssl"
-CACERTS=${CACERTS:-/etc/pki/tls/certs/ca-bundle.crt}
+if [ -z "$CACERTS" ]; then
+  for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
+    if [ -e "$f" ]; then
+      CACERTS="$f"
+      break
+    fi
+  done
+fi
 if [ ! -e "$CACERTS" ]; then
     echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
 fi
@@ -326,6 +333,7 @@ do
 done
 
 if [ $VERBOSE != 0 ] ; then
+    [ -n "$CACERTS" ] && echo "Using trust anchors from $CACERTS"
     echo "Loading $($OPENSSLBIN ciphers -v $CIPHERSUITE 2>/dev/null|grep Kx|wc -l) ciphersuites from $(echo -n $($OPENSSLBIN version 2>/dev/null))"
          $OPENSSLBIN ciphers ALL 2>/dev/null
 fi