Accepting request 373395 from home:matejcik:requests-mess

- update no-default-cacert.patch to simply pass empty CA path - urllib3-ssl-default-context.patch: patch bundled urllib3 to behave correctly with regard to empty CA path passed - change urllib3 fallback requirements to Recommends - use ca-certificates in SLE as well - recommend ca-certificates-mozilla to have a basic certificate set OBS-URL: https://build.opensuse.org/request/show/373395 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=87
2016-03-15 20:09:49 +00:00 · 2016-03-15 20:09:49 +00:00 · 0f6946c0d7
commit 0f6946c0d7
parent ee0d6bcb47
4 changed files with 65 additions and 17 deletions
--- a/no-default-cacert.patch
+++ b/no-default-cacert.patch
@ -1,22 +1,39 @@
--- a/MANIFEST.in
-+++ b/MANIFEST.in
+Index: requests-2.9.1/MANIFEST.in
+===================================================================
+--- requests-2.9.1.orig/MANIFEST.in
+++ requests-2.9.1/MANIFEST.in
@@ -1 +1 @@
 -include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt requests/cacert.pem
 +include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt
--- a/requests/adapters.py
-+++ b/requests/adapters.py
-@@ -182,9 +182,6 @@ class HTTPAdapter(BaseAdapter):
-             if not cert_loc:
-                 cert_loc = DEFAULT_CA_BUNDLE_PATH
+Index: requests-2.9.1/requests/adapters.py
+===================================================================
+--- requests-2.9.1.orig/requests/adapters.py
+++ requests-2.9.1/requests/adapters.py
+@@ -179,15 +179,13 @@ class HTTPAdapter(BaseAdapter):
+             if verify is not True:
+                 cert_loc = verify
 
+-            if not cert_loc:
+-                cert_loc = DEFAULT_CA_BUNDLE_PATH
+-
 -            if not cert_loc:
 -                raise Exception("Could not find a suitable SSL CA certificate bundle.")
 -
             conn.cert_reqs = 'CERT_REQUIRED'
 
-             if not os.path.isdir(cert_loc):
--- a/requests/certs.py
-+++ b/requests/certs.py
+-            if not os.path.isdir(cert_loc):
+            if cert_loc is None:
+                # use default context
+                conn.ca_certs = None
+                conn.ca_cert_dir = None
+            elif not os.path.isdir(cert_loc):
+                 conn.ca_certs = cert_loc
+             else:
+                 conn.ca_cert_dir = cert_loc
+Index: requests-2.9.1/requests/certs.py
+===================================================================
+--- requests-2.9.1.orig/requests/certs.py
+++ requests-2.9.1/requests/certs.py
@@ -18,8 +18,9 @@ try:
 except ImportError:
     def where():
--- a/python-requests.changes
+++ b/python-requests.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Mar  1 17:44:11 UTC 2016 - jmatejek@suse.com
+
+- update no-default-cacert.patch to simply pass empty CA path
+- urllib3-ssl-default-context.patch: patch bundled urllib3 to behave
+  correctly with regard to empty CA path passed
+- change urllib3 fallback requirements to Recommends
+- use ca-certificates in SLE as well
+- recommend ca-certificates-mozilla to have a basic certificate set
+
 -------------------------------------------------------------------
 Wed Feb 17 14:47:12 UTC 2016 - sor.alexei@meowr.ru

--- a/python-requests.spec
+++ b/python-requests.spec
@ -29,19 +29,26 @@ Url:            http://python-requests.org/
 Source:         http://pypi.python.org/packages/source/r/requests/requests-%{version}.tar.gz
 # PATCH-FIX-OPENSUSE no-default-cacert.patch -- Completely ignore the internal CA bundle.
 Patch0:         no-default-cacert.patch
+# PATCH-FIX-UPSTREAM update urllib3 to do the proper passthrough to set_default_verify_paths
+Patch1:         urllib3-ssl-default-context.patch
 BuildRequires:  python
 BuildRequires:  python-devel
 BuildRequires:  python-py
 BuildRequires:  python-setuptools
 Requires:       python
-# Really needed?
-#Requires:       python-ndg-httpsclient
-Requires:       python-pyOpenSSL
-Requires:       python-pyasn1
-%if 0%{?suse_version} >= 1120 && !(0%{?suse_version} == 1315 && !0%{?is_opensuse})
+# requirements for pyopenssl fallback of bundled urllib3
+Recommends:     python-ndg-httpsclient
+Recommends:     python-pyOpenSSL
+Recommends:     python-pyasn1
+%if 0%{?suse_version} <= 1200
+BuildRequires:  openssl-certs
+Requires:       openssl-certs
+%else
 BuildRequires:  ca-certificates
 Requires:       ca-certificates
 %endif
+# for good measure, at least recommend an actual set of certificates
+Recommends:     ca-certificates-mozilla
 %if 0%{?suse_version} >= 1120
 BuildArch:      noarch
 %else
@ -73,10 +80,11 @@ Features:

 %prep
 %setup -q -n requests-%{version}
-%if 0%{?suse_version} >= 1120 && !(0%{?suse_version} == 1315 && !0%{?is_opensuse})
 %patch0 -p1
+pushd requests/packages
+%patch1 -p1
+popd
 rm -f requests/cacert.pem
-%endif

 %build
 python setup.py build
--- a/urllib3-ssl-default-context.patch
+++ b/urllib3-ssl-default-context.patch
@ -0,0 +1,13 @@
+Index: b/urllib3/util/ssl_.py
+===================================================================
+--- a/urllib3/util/ssl_.py
+++ b/urllib3/util/ssl_.py
+@@ -299,6 +299,8 @@ def ssl_wrap_socket(sock, keyfile=None,
+             if e.errno == errno.ENOENT:
+                 raise SSLError(e)
+             raise
+    elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'):
+        context.set_default_verify_paths()
+ 
+     if certfile:
+         context.load_cert_chain(certfile, keyfile)