- Use a slightly different approach for bnc#761500, try to use /etc/ssl/certs

but use /etc/ssl/ca-bundle.pem as a fallback. The previous fix didn't work for me as (my) Python ssl module doesn't support cert directories... - No need to check SUSE versions for python-certifi, it only is/was part of openSUSE:Factory for a brief period of time OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-requests?expand=0&rev=20
2012-05-23 12:16:00 +00:00 · 2012-05-23 12:16:00 +00:00 · 46275a5a11
commit 46275a5a11
parent d22ba905da
4 changed files with 66 additions and 55 deletions
--- a/python-requests.changes
+++ b/python-requests.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed May 23 12:09:35 UTC 2012 - saschpe@suse.de
+
+- Use a slightly different approach for bnc#761500, try to use /etc/ssl/certs
+  but use /etc/ssl/ca-bundle.pem as a fallback. The previous fix didn't work
+  for me as (my) Python ssl module doesn't support cert directories...
+- No need to check SUSE versions for python-certifi, it only is/was
+  part of openSUSE:Factory for a brief period of time
+
 -------------------------------------------------------------------
 Sun May 20 17:44:57 UTC 2012 - jfunk@funktronics.ca

--- a/python-requests.spec
+++ b/python-requests.spec
@ -16,7 +16,6 @@
 #


-
 Name:           python-requests
 Version:        0.12.1
 Release:        0
@ -25,21 +24,17 @@ Summary:        Awesome Python HTTP Library That's Actually Usable
 License:        ISC
 Group:          Development/Languages/Python
 Source:         http://pypi.python.org/packages/source/r/requests/requests-%{version}.tar.gz
-# PATCH-FIX-OPENSUSE requests-use_directory_cert_store.patch [bnc#761501] -- Load directory-based cert store in /etc/ssl/certs. Depends on Python patched to allow it
-Patch0:         requests-use_directory_cert_store.patch
+# PATCH-FIX-UPSREAM requests-suse_cert_paths.patch [bnc#761501] -- Load directory-based cert store in /etc/ssl/certs. Depends on Python patched to allow it, fall back to /etc/ssl/ca-bundle.pem otherwise
+Patch0:         requests-suse_cert_paths.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  python
+BuildRequires:  python-chardet
 BuildRequires:  python-devel
 BuildRequires:  python-distribute
-BuildRequires:  python-chardet
 BuildRequires:  python-oauthlib
 Requires:       python
 Requires:       python-chardet
 Requires:       python-oauthlib
-%if 0%{?suse_version} && 0%{?suse_version} < 1220
-BuildRequires:  python-certifi
-Requires:       python-certifi
-%endif
 %if 0%{?suse_version} && 0%{?suse_version} <= 1110
 %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
 %else
@ -72,9 +67,7 @@ Features:

 %prep
 %setup -q -n requests-%{version}
-%if 0%{?suse_version} && 0%{?suse_version} >= 1220
 %patch0 -p1
-%endif

 %build
 python setup.py build
--- a/requests-suse_cert_paths.patch
+++ b/requests-suse_cert_paths.patch
@ -0,0 +1,54 @@
+diff -ru a/requests/utils.py b/requests/utils.py
+--- a/requests/utils.py	2012-05-08 06:56:28.000000000 +0200
+++ b/requests/utils.py	2012-05-23 14:06:43.728477504 +0200
+@@ -14,6 +14,9 @@
+ import os
+ import random
+ import re
+import socket
+import ssl
+import _ssl
+ import zlib
+ from netrc import netrc, NetrcParseError
+ 
+@@ -42,13 +45,26 @@
+         '/etc/ssl/certs/ca-certificates.crt',
+         # FreeBSD (provided by the ca_root_nss package):
+         '/usr/local/share/certs/ca-root-nss.crt',
+        # openSUSE (provided by the ca-certificates package), the 'certs' directory is the
+        # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem'
+        # as a fallback (which is generated from pem files in the 'certs' directory):
+        '/etc/ssl/certs',
+        '/etc/ssl/ca-bundle.pem',
+ ]
+ 
+ def get_os_ca_bundle_path():
+     """Try to pick an available CA certificate bundle provided by the OS."""
+     for path in POSSIBLE_CA_BUNDLE_PATHS:
+         if os.path.exists(path):
+-            return path
+            if os.path.isdir(path):
+                try:
+                    # Current candidate is a directory, check if SSL module supports that
+                    _ssl.sslwrap(socket.socket()._sock, False, None, None, ssl.CERT_REQUIRED, ssl.PROTOCOL_SSLv23, path, None)
+                    return path
+                except:
+                    pass # No support, let's check the next candidate
+            else:
+                return path
+     return None
+ 
+ # if certifi is installed, use its CA bundle;
+Only in b/requests: .utils.py.swp
+diff -ru a/setup.py b/setup.py
+--- a/setup.py	2012-05-08 06:56:28.000000000 +0200
+++ b/setup.py	2012-05-23 14:07:30.303478614 +0200
+@@ -34,7 +34,7 @@
+ # On certain supported platforms (e.g., Red Hat / Debian / FreeBSD), Requests can
+ # use the system CA bundle instead; see `requests.utils` for details.
+ # If your platform is supported, set `requires` to [] instead:
+-requires = ['certifi>=0.0.7']
+requires = []
+ 
+ # chardet is used to optimally guess the encodings of pages that don't declare one.
+ # At this time, chardet is not a required dependency. However, it's sufficiently
--- a/requests-use_directory_cert_store.patch
+++ b/requests-use_directory_cert_store.patch
@ -1,45 +0,0 @@
-Index: requests-0.12.1/requests/utils.py
-===================================================================
--- requests-0.12.1.orig/requests/utils.py
-+++ requests-0.12.1/requests/utils.py
-@@ -14,6 +14,9 @@ import codecs
- import os
- import random
- import re
-+import socket
-+import ssl
-+import _ssl
- import zlib
- from netrc import netrc, NetrcParseError
- 
-@@ -51,9 +54,14 @@ def get_os_ca_bundle_path():
-             return path
-     return None
- 
-# if certifi is installed, use its CA bundle;
-# otherwise, try and use the OS bundle
-DEFAULT_CA_BUNDLE_PATH = CERTIFI_BUNDLE_PATH or get_os_ca_bundle_path()
-+# If SSL module can load a directory-based store, use that
-+try:
-+    _ssl.sslwrap(socket.socket()._sock, False, None, None, ssl.CERT_REQUIRED, ssl.PROTOCOL_SSLv23, "/etc/ssl/certs", None)
-+    DEFAULT_CA_BUNDLE_PATH = "/etc/ssl/certs"
-+except ssl.SSLError:
-+    # if certifi is installed, use its CA bundle;
-+    # otherwise, try and use the OS bundle
-+    DEFAULT_CA_BUNDLE_PATH = CERTIFI_BUNDLE_PATH or get_os_ca_bundle_path()
- 
- def dict_to_sequence(d):
-     """Returns an internal sequence dictionary update."""
-Index: requests-0.12.1/setup.py
-===================================================================
--- requests-0.12.1.orig/setup.py
-+++ requests-0.12.1/setup.py
-@@ -34,7 +34,7 @@ packages = [
- # On certain supported platforms (e.g., Red Hat / Debian / FreeBSD), Requests can
- # use the system CA bundle instead; see `requests.utils` for details.
- # If your platform is supported, set `requires` to [] instead:
-requires = ['certifi>=0.0.7']
-+requires = []
- 
- # chardet is used to optimally guess the encodings of pages that don't declare one.
- # At this time, chardet is not a required dependency. However, it's sufficiently