python-requests/no-default-cacert.patch

Index: requests-2.6.0/requests/adapters.py
===================================================================
--- requests-2.6.0.orig/requests/adapters.py
+++ requests-2.6.0/requests/adapters.py
@@ -177,9 +177,6 @@ class HTTPAdapter(BaseAdapter):
             if not cert_loc:
                 cert_loc = DEFAULT_CA_BUNDLE_PATH
 
-            if not cert_loc:
-                raise Exception("Could not find a suitable SSL CA certificate bundle.")
-
             conn.cert_reqs = 'CERT_REQUIRED'
             conn.ca_certs = cert_loc
         else:
Index: requests-2.6.0/requests/certs.py
===================================================================
--- requests-2.6.0.orig/requests/certs.py
+++ requests-2.6.0/requests/certs.py
@@ -18,8 +18,9 @@ try:
 except ImportError:
     def where():
         """Return the preferred certificate bundle."""
-        # vendored bundle inside Requests
-        return os.path.join(os.path.dirname(__file__), 'cacert.pem')
+        # in openSUSE we rely on openssl's default instead of
+        # hardcoding stuff elsewhere
+        return None
 
 if __name__ == '__main__':
     print(where())
Index: requests-2.6.0/MANIFEST.in
===================================================================
--- requests-2.6.0.orig/MANIFEST.in
+++ requests-2.6.0/MANIFEST.in
@@ -1 +1 @@
-include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt requests/cacert.pem
+include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt
Index: requests-2.6.0/requests/packages/urllib3/util/ssl_.py
===================================================================
--- requests-2.6.0.orig/requests/packages/urllib3/util/ssl_.py
+++ requests-2.6.0/requests/packages/urllib3/util/ssl_.py
@@ -259,6 +259,9 @@ def ssl_wrap_socket(sock, keyfile=None,
             if e.errno == errno.ENOENT:
                 raise SSLError(e)
             raise
+    elif cert_reqs != CERT_NONE:
+        context.set_default_verify_paths()
+
     if certfile:
         context.load_cert_chain(certfile, keyfile)
     if HAS_SNI:  # Platform-specific: OpenSSL with enabled SNI
Accepting request 315237 from home:lnussel:branches:devel:languages:python - update no-default-cacert.patch to not hardcode a ca cert location OBS-URL: https://build.opensuse.org/request/show/315237 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=57 2015-07-10 14:18:52 +02:00			`Index: requests-2.6.0/requests/adapters.py`
			`===================================================================`
			`--- requests-2.6.0.orig/requests/adapters.py`
			`+++ requests-2.6.0/requests/adapters.py`
			`@@ -177,9 +177,6 @@ class HTTPAdapter(BaseAdapter):`
Accepting request 184317 from home:vuntz:branches:devel:languages:python - Add no-default-cacert.patch: completely ignore the internal CA bundle and point to /etc/ssl/certs/. This works because we patched python to do the right thing when a directory is used there instead of a file. - Manually remove requests/cacert.pem (better than doing that in the patch, since it's big) too. OBS-URL: https://build.opensuse.org/request/show/184317 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=38 2013-07-25 14:57:44 +02:00			`if not cert_loc:`
			`cert_loc = DEFAULT_CA_BUNDLE_PATH`

			`- if not cert_loc:`
			`- raise Exception("Could not find a suitable SSL CA certificate bundle.")`
			`-`
			`conn.cert_reqs = 'CERT_REQUIRED'`
			`conn.ca_certs = cert_loc`
			`else:`
Accepting request 315237 from home:lnussel:branches:devel:languages:python - update no-default-cacert.patch to not hardcode a ca cert location OBS-URL: https://build.opensuse.org/request/show/315237 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=57 2015-07-10 14:18:52 +02:00			`Index: requests-2.6.0/requests/certs.py`
			`===================================================================`
			`--- requests-2.6.0.orig/requests/certs.py`
			`+++ requests-2.6.0/requests/certs.py`
			`@@ -18,8 +18,9 @@ try:`
			`except ImportError:`
Accepting request 248629 from home:TheBlackCat:branches:devel:languages:python Update to 2.4.1 OBS-URL: https://build.opensuse.org/request/show/248629 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=49 2014-09-11 17:26:41 +02:00			`def where():`
			`"""Return the preferred certificate bundle."""`
Accepting request 315237 from home:lnussel:branches:devel:languages:python - update no-default-cacert.patch to not hardcode a ca cert location OBS-URL: https://build.opensuse.org/request/show/315237 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=57 2015-07-10 14:18:52 +02:00			`- # vendored bundle inside Requests`
Accepting request 248629 from home:TheBlackCat:branches:devel:languages:python Update to 2.4.1 OBS-URL: https://build.opensuse.org/request/show/248629 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=49 2014-09-11 17:26:41 +02:00			`- return os.path.join(os.path.dirname(__file__), 'cacert.pem')`
Accepting request 315237 from home:lnussel:branches:devel:languages:python - update no-default-cacert.patch to not hardcode a ca cert location OBS-URL: https://build.opensuse.org/request/show/315237 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=57 2015-07-10 14:18:52 +02:00			`+ # in openSUSE we rely on openssl's default instead of`
			`+ # hardcoding stuff elsewhere`
			`+ return None`
Accepting request 184317 from home:vuntz:branches:devel:languages:python - Add no-default-cacert.patch: completely ignore the internal CA bundle and point to /etc/ssl/certs/. This works because we patched python to do the right thing when a directory is used there instead of a file. - Manually remove requests/cacert.pem (better than doing that in the patch, since it's big) too. OBS-URL: https://build.opensuse.org/request/show/184317 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=38 2013-07-25 14:57:44 +02:00
			`if __name__ == '__main__':`
			`print(where())`
Accepting request 315237 from home:lnussel:branches:devel:languages:python - update no-default-cacert.patch to not hardcode a ca cert location OBS-URL: https://build.opensuse.org/request/show/315237 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=57 2015-07-10 14:18:52 +02:00			`Index: requests-2.6.0/MANIFEST.in`
			`===================================================================`
			`--- requests-2.6.0.orig/MANIFEST.in`
			`+++ requests-2.6.0/MANIFEST.in`
Accepting request 184317 from home:vuntz:branches:devel:languages:python - Add no-default-cacert.patch: completely ignore the internal CA bundle and point to /etc/ssl/certs/. This works because we patched python to do the right thing when a directory is used there instead of a file. - Manually remove requests/cacert.pem (better than doing that in the patch, since it's big) too. OBS-URL: https://build.opensuse.org/request/show/184317 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=38 2013-07-25 14:57:44 +02:00			`@@ -1 +1 @@`
			`-include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt requests/cacert.pem`
			`+include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt`
Accepting request 315237 from home:lnussel:branches:devel:languages:python - update no-default-cacert.patch to not hardcode a ca cert location OBS-URL: https://build.opensuse.org/request/show/315237 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=57 2015-07-10 14:18:52 +02:00			`Index: requests-2.6.0/requests/packages/urllib3/util/ssl_.py`
			`===================================================================`
			`--- requests-2.6.0.orig/requests/packages/urllib3/util/ssl_.py`
			`+++ requests-2.6.0/requests/packages/urllib3/util/ssl_.py`
			`@@ -259,6 +259,9 @@ def ssl_wrap_socket(sock, keyfile=None,`
			`if e.errno == errno.ENOENT:`
			`raise SSLError(e)`
			`raise`
			`+ elif cert_reqs != CERT_NONE:`
			`+ context.set_default_verify_paths()`
			`+`
			`if certfile:`
			`context.load_cert_chain(certfile, keyfile)`
			`if HAS_SNI: # Platform-specific: OpenSSL with enabled SNI`