From 0171b957e0726e401e263a2ec667ee9007ff243b Mon Sep 17 00:00:00 2001
From: Michael Wilson <mw@1wilson.org>
Date: Fri, 8 Jul 2022 20:01:04 +0200
Subject: [PATCH] use uri module instead of get_url to fix trusted CAs on
 openbsd

---
 firewall/tasks/openbsd.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/firewall/tasks/openbsd.yml b/firewall/tasks/openbsd.yml
index 8c6d7e0..9661f81 100644
--- a/firewall/tasks/openbsd.yml
+++ b/firewall/tasks/openbsd.yml
@@ -48,14 +48,16 @@
     state: present
     snapshot: "{{ force_openbsd_snapshot | default(false) }}"
 - name: download pf-badhost
-  environment:
-    SSL_CERT_FILE: "/etc/ssl/cert.pem"
-  get_url:
+  uri:
     url: "{{ pfbadhost_url }}"
     dest: "{{ pfbadhost_path }}"
     owner: root
     group: wheel
     mode: "0755"
+    ca_path: /etc/ssl/cert.pem
+    status_code:
+      - 200
+      - 304
   register: pfbadhost_installed
 
 - name: enable authlog scanning