diff --git a/curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff b/curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff
new file mode 100644
index 0000000..2a50f75
--- /dev/null
+++ b/curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff
@@ -0,0 +1,32 @@
+From 9af60d2d52d9635ba4498d3a42abd85c7c2140db Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel
+Date: Tue, 24 Mar 2015 13:25:17 +0100
+Subject: [PATCH] use openssl's built in verify path as fallback
+
+Trying to verify a peer without any having any root CA certificates
+registered won't work. So use openssl's built in default as
+fallback.
+
+https://github.com/bagder/curl/pull/175
+---
+ lib/vtls/openssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
+index 3f93e22..34abd64 100644
+--- a/lib/vtls/openssl.c
++++ b/lib/vtls/openssl.c
+@@ -2012,6 +2012,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+ "none",
+ data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
+ "none");
++ } else if (data->set.ssl.verifypeer) {
++ /* verfying the peer without any CA certificates won't
++ work so use openssl's built in default as fallback */
++ SSL_CTX_set_default_verify_paths(connssl->ctx);
+ }
+
+ if(data->set.str[STRING_SSL_CRLFILE]) {
+--
+2.3.3
+
diff --git a/curl.changes b/curl.changes
index ffd910e..e9ec2b7 100644
--- a/curl.changes
+++ b/curl.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Mar 24 12:49:35 UTC 2015 - lnussel@suse.de
+
+- don't hardcode /etc/ssl/certs. Use openssl's default instead
+
 -------------------------------------------------------------------
 Thu Feb 26 09:37:22 UTC 2015 - sor.alexei@meowr.ru
diff --git a/curl.spec b/curl.spec
index 034851e..40b889b 100644
--- a/curl.spec
+++ b/curl.spec
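Review bot: The return value of `SSL_CTX_set_default_verify_paths(connssl->ctx)` in the new `else if` branch is discarded, so when OpenSSL cannot load its default store the handshake continues with verifypeer set and an empty trust store, and the user sees a generic verification failure instead of a clear error; the preceding CA-file/CA-path branch (outside the hunk) presumably reports load failures, so the fallback should do the same, e.g. `if(!SSL_CTX_set_default_verify_paths(connssl->ctx)) { failf(data, "error setting default verify paths"); return CURLE_SSL_CACERT_BADFILE; }`. The comment should also say where the defaults come from — OpenSSL's compiled-in certificate location, overridable through the SSL_CERT_FILE and SSL_CERT_DIR environment variables — since that is a wider set of inputs to the trust store than the fixed path this replaces, and worth knowing when auditing a deployment. Minor: the comment misspells "verifying" as `verfying`, and `} else if (` departs from the `if(` spacing used by the context line below it. The enclosing ossl_connect_step1 begins and ends outside the hunk.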
@@ -33,6 +33,8 @@ Source4: %{name}.keyring
 Patch0: libcurl-ocloexec.patch
 Patch1: dont-mess-with-rpmoptflags.diff
 Patch3: curl-secure-getenv.patch
+# PATCH-FIX-OPENSUSE lnussel@suse.de -- use openssl's built in verify path as fallback
+Patch4: curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff
 BuildRequires: krb5-mini-devel
 BuildRequires: libtool
 BuildRequires: lzma
@@ -94,6 +96,7 @@ user interaction or any kind of interactivity.
 %patch0
 %patch1
 %patch3
+%patch4 -p1
 %build
 # curl complains if macro definition is contained in CFLAGS
@@ -112,7 +115,8 @@ sed -i 's/\(link_all_deplibs=\)unknown/\1no/' configure
 --enable-ipv6 \
 %if %{with openssl}
 --with-ssl \
- --with-ca-path=%{_sysconfdir}/ssl/certs/ \
+ --without-ca-path \
+ --without-ca-bundle \
 %else
 --without-ssl \
 %if %{with mozilla_nss}
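Review bot: The `# PATCH-FIX-OPENSUSE` comment on Patch4 should record that this patch is what makes the `--without-ca-path` / `--without-ca-bundle` change in the third hunk safe: with no compiled-in CA location, an OpenSSL build lacking the fallback would fail every peer verification until a CA file or path is passed explicitly, so the patch and the configure flags must be dropped or rebased together. Suggested wording: `# PATCH-FIX-OPENSUSE lnussel@suse.de -- use openssl's built in verify path as fallback (required now that the build passes --without-ca-path/--without-ca-bundle)`. The fallback is in the OpenSSL backend only, so the `%if %{with mozilla_nss}` branch visible in the same hunk keeps its previous behaviour; if that is intended, a line in the changelog saying so would save the next maintainer a check.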