python-urllib3/urllib3-ssl-default-context.patch

Index: urllib3-1.19.1/urllib3/util/ssl_.py
===================================================================
--- urllib3-1.19.1.orig/urllib3/util/ssl_.py
+++ urllib3-1.19.1/urllib3/util/ssl_.py
@@ -314,9 +314,13 @@ def ssl_wrap_socket(sock, keyfile=None,
             if e.errno == errno.ENOENT:
                 raise SSLError(e)
             raise
-    elif getattr(context, 'load_default_certs', None) is not None:
-        # try to load OS default certs; works well on Windows (require Python3.4+)
-        context.load_default_certs()
+    else:
+        if cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'):
+            context.set_default_verify_paths()
+
+        if getattr(context, 'load_default_certs', None) is not None:
+            # try to load OS default certs; works well on Windows (require Python3.4+)
+            context.load_default_certs()
 
     if certfile:
         context.load_cert_chain(certfile, keyfile)