Incorrect "No ssl certificates were loaded" warning

[c-14]

Since commit 1a944d8, youtube-dl incorrectly warns that https urls won't work on systems where ssl.get_default_verify_paths() only returns a capath and not a cafile. This is because the list returned by SSLContext.get_ca_certs() "does not contain certificates from capath unless a certificate was requested and loaded by a SSL connection", but _setup_opener() expects it to always return a nonzero value.

Edit: Attached Console output

./bin/youtube-dl -v https://www.youtube.com/watch\?v\=C0DPdy98e4c
[debug] System config: []
[debug] User config: ['-f', '303+bestaudio[ext=webm]/299+bestaudio[ext=webm]/bestvideo[ext=webm]+bestaudio[ext=webm]/bestvideo+bestaudio/best']
[debug] Command-line args: ['-v', 'https://www.youtube.com/watch?v=C0DPdy98e4c']
WARNING: No ssl certificates were loaded, urls that use https won't work
[debug] Encodings: locale UTF-8, fs utf-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2015.04.03
[debug] Git HEAD: e40bd5f
[debug] Python version 3.4.3 - Linux-3.19.3-gentoo-x86_64-Intel-R-_Core-TM-_i7_CPU_860_@_2.80GHz-with-gentoo-2.2
[debug] exe versions: ffmpeg N-71133-gcf16b45, ffprobe N-71133-gcf16b45, rtmpdump 2.4
[debug] Proxy map: {}
[youtube] C0DPdy98e4c: Downloading webpage
[youtube] C0DPdy98e4c: Extracting video information
[youtube] C0DPdy98e4c: Downloading DASH manifest
[debug] Invoking downloader on 'https://r1---sn-35cxacf-43ce.googlevideo.com/videoplayback?id=0b40cf772f7c7b87&itag=244&source=youtube&requiressl=yes&mv=m&ms=au&mm=31&pl=19&ratebypass=yes&mime=video/webm&gir=yes&clen=263160&lmt=1395126270357704&dur=16.560&sver=3&upn=dwb9Z4OEbgM&key=dg_yt0&mt=1428263942&fexp=900720,905659,906218,907263,931379,934954,9407486,9407756,9407792,9408102,9408618,945132,947243,948124,948703,951703,952612,957201,960621,961404,961406,966201&signature=2DB86ECDF3EE0223D85A26E134AE260DC653FDCF.7DF6DAFF5CACE1301E29C486C3934D88C1147601&ip=109.192.119.125&ipbits=0&expire=1428285590&sparams=ip,ipbits,expire,id,itag,source,requiressl,mv,ms,mm,pl,ratebypass,mime,gir,clen,lmt,dur'
[download] Destination: TEST VIDEO-C0DPdy98e4c.f244.webm
[download] 100% of 256.99KiB in 00:00
[debug] Invoking downloader on 'https://r1---sn-35cxacf-43ce.googlevideo.com/videoplayback?id=0b40cf772f7c7b87&itag=171&source=youtube&requiressl=yes&mv=m&ms=au&mm=31&pl=19&ratebypass=yes&mime=audio/webm&gir=yes&clen=29361&lmt=1395126256648579&dur=17.550&sver=3&upn=dwb9Z4OEbgM&key=dg_yt0&mt=1428263942&fexp=900720,905659,906218,907263,931379,934954,9407486,9407756,9407792,9408102,9408618,945132,947243,948124,948703,951703,952612,957201,960621,961404,961406,966201&signature=1EE8861BC3594A8A88CA94F473DB860B4B53E5BC.958CAF9ACCA858E70E6D77A3AB2163943289C948&ip=109.192.119.125&ipbits=0&expire=1428285590&sparams=ip,ipbits,expire,id,itag,source,requiressl,mv,ms,mm,pl,ratebypass,mime,gir,clen,lmt,dur'
[download] Destination: TEST VIDEO-C0DPdy98e4c.f171.webm
[download] 100% of 28.67KiB in 00:00
[ffmpeg] Merging formats into "TEST VIDEO-C0DPdy98e4c.webm"
[debug] ffmpeg command line: ffmpeg -y -i 'TEST VIDEO-C0DPdy98e4c.f244.webm' -i 'TEST VIDEO-C0DPdy98e4c.f171.webm' -c copy -map 0:v:0 -map 1:a:0 'TEST VIDEO-C0DPdy98e4c.webm'

[jaimeMF]

Could you run the following script and post the output? (feel free to remove some info about specific certificates if you want):

import ssl

# Load default certificates
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
stats = context.cert_store_stats()
print('Stats:', stats)
ca_certs = context.get_ca_certs()
print('{} CA Certificates loaded:'.format(len(ca_certs)))
for cert_dict in ca_certs:
    print(cert_dict['subject'])
print()

[c-14]

$ python ssltest.py
Stats: {'x509_ca': 0, 'x509': 0, 'crl': 0}
0 CA Certificates loaded:

[jaimeMF]

I have reverted the change, thanks for the report. It's a bit unfutunate because I would like to check if any certificate is available, but I haven't found any method for getting it.