diff options
Diffstat (limited to '0001-Do-not-override-the-system-SSL-certificates-with-the.patch')
-rw-r--r-- | 0001-Do-not-override-the-system-SSL-certificates-with-the.patch | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/0001-Do-not-override-the-system-SSL-certificates-with-the.patch b/0001-Do-not-override-the-system-SSL-certificates-with-the.patch new file mode 100644 index 000000000000..168a99947941 --- /dev/null +++ b/0001-Do-not-override-the-system-SSL-certificates-with-the.patch @@ -0,0 +1,87 @@ +From b3d83c15c366747bf84772311eecad29e1413cb5 Mon Sep 17 00:00:00 2001 +From: Eli Schwartz <eschwartz@archlinux.org> +Date: Mon, 13 Jul 2020 11:29:54 -0400 +Subject: [PATCH] Do not override the system SSL certificates with the certifi + bundle. + +We need to respect the system certification policy, and by default the +ssl module will use our packaged ca-certificates. + +ssl.create_default_context(cafile=None) is the default to use the +builtin (system) certs, but due to the sorcery which this module uses to +check how arguments are being passed, it's less invasive to simply +hardcode the standard certificate path instead of letting python +properly handle it. +--- + httpx/_config.py | 4 +--- + setup.py | 1 - + tests/test_config.py | 5 ++--- + 3 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/httpx/_config.py b/httpx/_config.py +index 3785af9..d6aecf3 100644 +--- a/httpx/_config.py ++++ b/httpx/_config.py +@@ -4,8 +4,6 @@ import typing + from base64 import b64encode + from pathlib import Path + +-import certifi +- + from ._models import URL, Headers + from ._types import CertTypes, HeaderTypes, TimeoutTypes, URLTypes, VerifyTypes + from ._utils import get_ca_bundle_from_env, get_logger, warn_deprecated +@@ -45,7 +43,7 @@ class SSLConfig: + SSL Configuration. + """ + +- DEFAULT_CA_BUNDLE_PATH = Path(certifi.where()) ++ DEFAULT_CA_BUNDLE_PATH = Path("/etc/ssl/certs/ca-certificates.crt") + + def __init__( + self, +diff --git a/setup.py b/setup.py +index cc62169..e6fe71a 100644 +--- a/setup.py ++++ b/setup.py +@@ -55,7 +55,6 @@ setup( + include_package_data=True, + zip_safe=False, + install_requires=[ +- "certifi", + "hstspreload", + "sniffio", + "chardet==3.*", +diff --git a/tests/test_config.py b/tests/test_config.py +index 41d8191..286da00 100644 +--- a/tests/test_config.py ++++ b/tests/test_config.py +@@ -4,7 +4,6 @@ import ssl + import sys + from pathlib import Path + +-import certifi + import pytest + + import httpx +@@ -24,7 +23,7 @@ def test_load_ssl_config_verify_non_existing_path(): + + + def test_load_ssl_config_verify_existing_file(): +- ssl_config = SSLConfig(verify=certifi.where()) ++ ssl_config = SSLConfig(verify="/etc/ssl/certs/ca-certificates.crt") + context = ssl_config.ssl_context + assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED + assert context.check_hostname is True +@@ -55,7 +54,7 @@ def test_load_ssl_config_verify_env_file(https_server, ca_cert_pem_file, config) + + + def test_load_ssl_config_verify_directory(): +- path = Path(certifi.where()).parent ++ path = Path("/etc/ssl/certs/ca-certificates.crt").parent + ssl_config = SSLConfig(verify=path) + context = ssl_config.ssl_context + assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED +-- +2.27.0 + |