Adding certifi as default CA bundle.

2 files changed, 5 insertions, 4 deletions

diff --git a/netlib/tcp.py b/netlib/tcp.py
index ca948514..b523bea4 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -7,6 +7,7 @@ import threading
 import time
 import traceback
 
+import certifi
 import OpenSSL
 from OpenSSL import SSL
 
@@ -373,7 +374,7 @@ class _Connection(object):
                             method=SSLv23_METHOD,
                             options=(OP_NO_SSLv2 | OP_NO_SSLv3),
                             verify_options=VERIFY_NONE,
-                            ca_path=None,
+                            ca_path=certifi.where(),
                             ca_pemfile=None,
                             cipher_list=None,
                             alpn_protos=None,
@@ -403,8 +404,7 @@ class _Connection(object):
                     (err_depth, errno))
 
             context.set_verify(verify_options, verify_cert)
-            if ca_path is not None or ca_pemfile is not None:
-                context.load_verify_locations(ca_pemfile, ca_path)
+            context.load_verify_locations(ca_pemfile, ca_path)
 
         # Workaround for
         # https://github.com/pyca/pyopenssl/issues/190
diff --git a/setup.py b/setup.py
index 0051ea77..aa27cd90 100644
--- a/setup.py
+++ b/setup.py
@@ -66,7 +66,8 @@ setup(
         "pyOpenSSL>=0.15.1",
         "cryptography>=0.9",
         "passlib>=1.6.2",
-        "hpack>=1.0.1"],
+        "hpack>=1.0.1",
+        "certifi"],
     setup_requires=[
         "cffi",
         "pyOpenSSL>=0.15.1",