diff -ru a/requests/utils.py b/requests/utils.py --- a/requests/utils.py 2012-05-08 06:56:28.000000000 +0200 +++ b/requests/utils.py 2012-05-23 14:06:43.728477504 +0200 @@ -14,6 +14,9 @@ import os import random import re +import socket +import ssl +import _ssl import zlib from netrc import netrc, NetrcParseError @@ -42,13 +45,26 @@ '/etc/ssl/certs/ca-certificates.crt', # FreeBSD (provided by the ca_root_nss package): '/usr/local/share/certs/ca-root-nss.crt', + # openSUSE (provided by the ca-certificates package), the 'certs' directory is the + # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem' + # as a fallback (which is generated from pem files in the 'certs' directory): + '/etc/ssl/certs', + '/etc/ssl/ca-bundle.pem', ] def get_os_ca_bundle_path(): """Try to pick an available CA certificate bundle provided by the OS.""" for path in POSSIBLE_CA_BUNDLE_PATHS: if os.path.exists(path): - return path + if os.path.isdir(path): + try: + # Current candidate is a directory, check if SSL module supports that + _ssl.sslwrap(socket.socket()._sock, False, None, None, ssl.CERT_REQUIRED, ssl.PROTOCOL_SSLv23, path, None) + return path + except: + pass # No support, let's check the next candidate + else: + return path return None # if certifi is installed, use its CA bundle; Only in b/requests: .utils.py.swp diff -ru a/setup.py b/setup.py --- a/setup.py 2012-05-08 06:56:28.000000000 +0200 +++ b/setup.py 2012-05-23 14:07:30.303478614 +0200 @@ -34,7 +34,7 @@ # On certain supported platforms (e.g., Red Hat / Debian / FreeBSD), Requests can # use the system CA bundle instead; see `requests.utils` for details. # If your platform is supported, set `requires` to [] instead: -requires = ['certifi>=0.0.7'] +requires = [] # chardet is used to optimally guess the encodings of pages that don't declare one. # At this time, chardet is not a required dependency. However, it's sufficiently