2 ===================================================================
3 --- Modules/_ssl.c.orig
5 @@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
9 + struct stat stat_buf;
11 self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
13 @@ -331,11 +332,23 @@ newPySSLObject(PySocketSockObject *Sock,
14 "verification of other-side certificates.");
17 - PySSL_BEGIN_ALLOW_THREADS
18 - ret = SSL_CTX_load_verify_locations(self->ctx,
21 - PySSL_END_ALLOW_THREADS
22 + /* If cacerts_file is a directory-based cert store, pass it as the
23 + third parameter, CApath, instead
25 + if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
26 + PySSL_BEGIN_ALLOW_THREADS
27 + ret = SSL_CTX_load_verify_locations(self->ctx,
30 + PySSL_END_ALLOW_THREADS
32 + PySSL_BEGIN_ALLOW_THREADS
33 + ret = SSL_CTX_load_verify_locations(self->ctx,
36 + PySSL_END_ALLOW_THREADS
40 _setSSLError(NULL, 0, __FILE__, __LINE__);