1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
From 9e8c2fd8abef936fa483da40f3819100b5e3b520 Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@archlinux.org>
Date: Tue, 6 Aug 2019 19:43:13 -0400
Subject: [PATCH] Do not override the system SSL certificates with the certifi
bundle.
We need to respect the system certification policy, and by default the
ssl module will use our packaged ca-certificates.
ssl.create_default_context(cafile=None) is the default to use the
builtin (system) certs, but can be overridden on the command line. I
don't know why one would wish to do so, but eh, this patch is less
invasive than the previous patch.
---
dephell/networking.py | 3 +--
setup.py | 2 +-
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/dephell/networking.py b/dephell/networking.py
index faa91d3..61f836f 100644
--- a/dephell/networking.py
+++ b/dephell/networking.py
@@ -6,7 +6,6 @@ from time import sleep
from typing import Any, Optional
# external
-import certifi
import requests
from aiohttp import ClientError, ClientSession, TCPConnector
from requests.sessions import Session
@@ -31,7 +30,7 @@ def aiohttp_session(*, auth: Optional[Auth] = None, **kwargs: Any) -> ClientSess
# setup SSL
cafile = config.get('ca')
if not cafile:
- cafile = certifi.where()
+ cafile = None
ssl_context = create_default_context(cafile=cafile)
try:
connector = TCPConnector(ssl=ssl_context)
diff --git a/setup.py b/setup.py
index 2db6286..7f18120 100644
--- a/setup.py
+++ b/setup.py
@@ -56,7 +56,7 @@ setup(
package_dir={"": "."},
package_data={"dephell": ["templates/*.j2", "templates/*.sh"]},
install_requires=[
- 'aiohttp', 'attrs>=19.2.0', 'cerberus>=1.3', 'certifi',
+ 'aiohttp', 'attrs>=19.2.0', 'cerberus>=1.3',
'dephell-archive>=0.1.5', 'dephell-argparse>=0.1.1',
'dephell-changelogs', 'dephell-discover>=0.2.6',
'dephell-licenses>=0.1.6', 'dephell-links>=0.1.4',
--
2.27.0
|