From 9e8c2fd8abef936fa483da40f3819100b5e3b520 Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Tue, 6 Aug 2019 19:43:13 -0400 Subject: [PATCH] Do not override the system SSL certificates with the certifi bundle. We need to respect the system certification policy, and by default the ssl module will use our packaged ca-certificates. ssl.create_default_context(cafile=None) is the default to use the builtin (system) certs, but can be overridden on the command line. I don't know why one would wish to do so, but eh, this patch is less invasive than the previous patch. --- dephell/networking.py | 3 +-- setup.py | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/dephell/networking.py b/dephell/networking.py index faa91d3..61f836f 100644 --- a/dephell/networking.py +++ b/dephell/networking.py @@ -6,7 +6,6 @@ from time import sleep from typing import Any, Optional # external -import certifi import requests from aiohttp import ClientError, ClientSession, TCPConnector from requests.sessions import Session @@ -31,7 +30,7 @@ def aiohttp_session(*, auth: Optional[Auth] = None, **kwargs: Any) -> ClientSess # setup SSL cafile = config.get('ca') if not cafile: - cafile = certifi.where() + cafile = None ssl_context = create_default_context(cafile=cafile) try: connector = TCPConnector(ssl=ssl_context) diff --git a/setup.py b/setup.py index 2db6286..7f18120 100644 --- a/setup.py +++ b/setup.py @@ -56,7 +56,7 @@ setup( package_dir={"": "."}, package_data={"dephell": ["templates/*.j2", "templates/*.sh"]}, install_requires=[ - 'aiohttp', 'attrs>=19.2.0', 'cerberus>=1.3', 'certifi', + 'aiohttp', 'attrs>=19.2.0', 'cerberus>=1.3', 'dephell-archive>=0.1.5', 'dephell-argparse>=0.1.1', 'dephell-changelogs', 'dephell-discover>=0.2.6', 'dephell-licenses>=0.1.6', 'dephell-links>=0.1.4', -- 2.27.0