From c9c93af453ec332b660f70402b78ae8f269280f0 Mon Sep 17 00:00:00 2001
From: Kyle Morton <kylemorton@google.com>
Date: Tue, 16 Jun 2015 11:11:10 -0700
Subject: Adding certifi as default CA bundle.

---
 netlib/tcp.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'netlib/tcp.py')

diff --git a/netlib/tcp.py b/netlib/tcp.py
index ca948514..b523bea4 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -7,6 +7,7 @@ import threading
 import time
 import traceback
 
+import certifi
 import OpenSSL
 from OpenSSL import SSL
 
@@ -373,7 +374,7 @@ class _Connection(object):
                             method=SSLv23_METHOD,
                             options=(OP_NO_SSLv2 | OP_NO_SSLv3),
                             verify_options=VERIFY_NONE,
-                            ca_path=None,
+                            ca_path=certifi.where(),
                             ca_pemfile=None,
                             cipher_list=None,
                             alpn_protos=None,
@@ -403,8 +404,7 @@ class _Connection(object):
                     (err_depth, errno))
 
             context.set_verify(verify_options, verify_cert)
-            if ca_path is not None or ca_pemfile is not None:
-                context.load_verify_locations(ca_pemfile, ca_path)
+            context.load_verify_locations(ca_pemfile, ca_path)
 
         # Workaround for
         # https://github.com/pyca/pyopenssl/issues/190
-- 
cgit v1.2.3