python-requests/requests-suse_cert_paths.patch

diff -ru a/requests/utils.py b/requests/utils.py
--- a/requests/utils.py	2012-05-08 06:56:28.000000000 +0200
+++ b/requests/utils.py	2012-05-23 14:06:43.728477504 +0200
@@ -14,6 +14,9 @@
 import os
 import random
 import re
+import socket
+import ssl
+import _ssl
 import zlib
 from netrc import netrc, NetrcParseError
 
@@ -42,13 +45,26 @@
         '/etc/ssl/certs/ca-certificates.crt',
         # FreeBSD (provided by the ca_root_nss package):
         '/usr/local/share/certs/ca-root-nss.crt',
+        # openSUSE (provided by the ca-certificates package), the 'certs' directory is the
+        # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem'
+        # as a fallback (which is generated from pem files in the 'certs' directory):
+        '/etc/ssl/certs',
+        '/etc/ssl/ca-bundle.pem',
 ]
 
 def get_os_ca_bundle_path():
     """Try to pick an available CA certificate bundle provided by the OS."""
     for path in POSSIBLE_CA_BUNDLE_PATHS:
         if os.path.exists(path):
-            return path
+            if os.path.isdir(path):
+                try:
+                    # Current candidate is a directory, check if SSL module supports that
+                    _ssl.sslwrap(socket.socket()._sock, False, None, None, ssl.CERT_REQUIRED, ssl.PROTOCOL_SSLv23, path, None)
+                    return path
+                except:
+                    pass # No support, let's check the next candidate
+            else:
+                return path
     return None
 
 # if certifi is installed, use its CA bundle;
Only in b/requests: .utils.py.swp
diff -ru a/setup.py b/setup.py
--- a/setup.py	2012-05-08 06:56:28.000000000 +0200
+++ b/setup.py	2012-05-23 14:07:30.303478614 +0200
@@ -34,7 +34,7 @@
 # On certain supported platforms (e.g., Red Hat / Debian / FreeBSD), Requests can
 # use the system CA bundle instead; see `requests.utils` for details.
 # If your platform is supported, set `requires` to [] instead:
-requires = ['certifi>=0.0.7']
+requires = []
 
 # chardet is used to optimally guess the encodings of pages that don't declare one.
 # At this time, chardet is not a required dependency. However, it's sufficiently
- Use a slightly different approach for bnc#761500, try to use /etc/ssl/certs but use /etc/ssl/ca-bundle.pem as a fallback. The previous fix didn't work for me as (my) Python ssl module doesn't support cert directories... - No need to check SUSE versions for python-certifi, it only is/was part of openSUSE:Factory for a brief period of time OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=20 2012-05-23 14:16:00 +02:00			`diff -ru a/requests/utils.py b/requests/utils.py`
			`--- a/requests/utils.py 2012-05-08 06:56:28.000000000 +0200`
			`+++ b/requests/utils.py 2012-05-23 14:06:43.728477504 +0200`
			`@@ -14,6 +14,9 @@`
			`import os`
			`import random`
			`import re`
			`+import socket`
			`+import ssl`
			`+import _ssl`
			`import zlib`
			`from netrc import netrc, NetrcParseError`

			`@@ -42,13 +45,26 @@`
			`'/etc/ssl/certs/ca-certificates.crt',`
			`# FreeBSD (provided by the ca_root_nss package):`
			`'/usr/local/share/certs/ca-root-nss.crt',`
			`+ # openSUSE (provided by the ca-certificates package), the 'certs' directory is the`
			`+ # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem'`
			`+ # as a fallback (which is generated from pem files in the 'certs' directory):`
			`+ '/etc/ssl/certs',`
			`+ '/etc/ssl/ca-bundle.pem',`
			`]`

			`def get_os_ca_bundle_path():`
			`"""Try to pick an available CA certificate bundle provided by the OS."""`
			`for path in POSSIBLE_CA_BUNDLE_PATHS:`
			`if os.path.exists(path):`
			`- return path`
			`+ if os.path.isdir(path):`
			`+ try:`
			`+ # Current candidate is a directory, check if SSL module supports that`
			`+ _ssl.sslwrap(socket.socket()._sock, False, None, None, ssl.CERT_REQUIRED, ssl.PROTOCOL_SSLv23, path, None)`
			`+ return path`
			`+ except:`
			`+ pass # No support, let's check the next candidate`
			`+ else:`
			`+ return path`
			`return None`

			`# if certifi is installed, use its CA bundle;`
			`Only in b/requests: .utils.py.swp`
			`diff -ru a/setup.py b/setup.py`
			`--- a/setup.py 2012-05-08 06:56:28.000000000 +0200`
			`+++ b/setup.py 2012-05-23 14:07:30.303478614 +0200`
			`@@ -34,7 +34,7 @@`
			`# On certain supported platforms (e.g., Red Hat / Debian / FreeBSD), Requests can`
			# use the system CA bundle instead; see `requests.utils` for details.
			# If your platform is supported, set `requires` to [] instead:
			`-requires = ['certifi>=0.0.7']`
			`+requires = []`

			`# chardet is used to optimally guess the encodings of pages that don't declare one.`
			`# At this time, chardet is not a required dependency. However, it's sufficiently`