Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #1065 from slingamn/certs.release

clean up code support for OS certificate bundles
  • Loading branch information...
commit 81c18c70f5b2bf22be57fd2f0d134f269d0c971c 2 parents f1d51aa + bbea679
@kennethreitz authored
Showing with 16 additions and 44 deletions.
  1. +14 −10 requests/certs.py
  2. +2 −34 requests/utils.py
View
24 requests/certs.py
@@ -2,26 +2,30 @@
# -*- coding: utf-8 -*-
"""
-ceritfi.py
-~~~~~~~~~~
+certs.py
+~~~~~~~~
-This module returns the installation location of cacert.pem.
+This module returns the preferred default CA certificate bundle.
+
+If you are packaging Requests, e.g., for a Linux distribution or a managed
+environment, you can change the definition of where() to return a separately
+packaged CA bundle.
"""
-import os
+import os.path
+
+certifi = None
try:
import certifi
except ImportError:
- certifi = None
-
+ pass
def where():
-
+ """Return the preferred certificate bundle."""
if certifi:
return certifi.where()
- else:
- f = os.path.split(__file__)[0]
- return os.path.join(f, 'cacert.pem')
+
+ return os.path.join(os.path.dirname(__file__), 'cacert.pem')
if __name__ == '__main__':
print(where())
View
36 requests/utils.py
@@ -19,50 +19,18 @@
from netrc import netrc, NetrcParseError
from . import __version__
+from . import certs
from .compat import parse_http_list as _parse_list_header
from .compat import quote, urlparse, bytes, str, OrderedDict
from .cookies import RequestsCookieJar, cookiejar_from_dict
_hush_pyflakes = (RequestsCookieJar,)
-CERTIFI_BUNDLE_PATH = None
-try:
- # see if requests's own CA certificate bundle is installed
- from . import certs
- path = certs.where()
- if os.path.exists(path):
- CERTIFI_BUNDLE_PATH = certs.where()
-except ImportError:
- pass
-
NETRC_FILES = ('.netrc', '_netrc')
-# common paths for the OS's CA certificate bundle
-POSSIBLE_CA_BUNDLE_PATHS = [
- # Red Hat, CentOS, Fedora and friends (provided by the ca-certificates package):
- '/etc/pki/tls/certs/ca-bundle.crt',
- # Ubuntu, Debian, and friends (provided by the ca-certificates package):
- '/etc/ssl/certs/ca-certificates.crt',
- # FreeBSD (provided by the ca_root_nss package):
- '/usr/local/share/certs/ca-root-nss.crt',
- # openSUSE (provided by the ca-certificates package), the 'certs' directory is the
- # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem'
- # as a fallback (which is generated from pem files in the 'certs' directory):
- '/etc/ssl/ca-bundle.pem',
-]
-
-
-def get_os_ca_bundle_path():
- """Try to pick an available CA certificate bundle provided by the OS."""
- for path in POSSIBLE_CA_BUNDLE_PATHS:
- if os.path.exists(path):
- return path
- return None
-
# if certifi is installed, use its CA bundle;
# otherwise, try and use the OS bundle
-DEFAULT_CA_BUNDLE_PATH = CERTIFI_BUNDLE_PATH or get_os_ca_bundle_path()
-
+DEFAULT_CA_BUNDLE_PATH = certs.where()
def dict_to_sequence(d):
"""Returns an internal sequence dictionary update."""
Please sign in to comment.
Something went wrong with that request. Please try again.