From: Shivaram Lingamneni Date: Sun, 23 Dec 2012 10:40:18 +0000 (-0800) Subject: clean up code support for OS certificate bundles X-Git-Tag: v1.1.0~13^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bbea679ab278f9aa7a12df404fd55f354b0701f1;p=services%2Fpython-requests.git clean up code support for OS certificate bundles --- diff --git a/requests/certs.py b/requests/certs.py index 42df2f8..8148276 100644 --- a/requests/certs.py +++ b/requests/certs.py @@ -2,26 +2,30 @@ # -*- coding: utf-8 -*- """ -ceritfi.py -~~~~~~~~~~ +certs.py +~~~~~~~~ -This module returns the installation location of cacert.pem. +This module returns the preferred default CA certificate bundle. + +If you are packaging Requests, e.g., for a Linux distribution or a managed +environment, you can change the definition of where() to return a separately +packaged CA bundle. """ -import os +import os.path + +certifi = None try: import certifi except ImportError: - certifi = None - + pass def where(): - + """Return the preferred certificate bundle.""" if certifi: return certifi.where() - else: - f = os.path.split(__file__)[0] - return os.path.join(f, 'cacert.pem') + + return os.path.join(os.path.dirname(__file__), 'cacert.pem') if __name__ == '__main__': print(where()) diff --git a/requests/utils.py b/requests/utils.py index c94bd6c..8abebb9 100644 --- a/requests/utils.py +++ b/requests/utils.py @@ -19,50 +19,18 @@ import zlib from netrc import netrc, NetrcParseError from . import __version__ +from . import certs from .compat import parse_http_list as _parse_list_header from .compat import quote, urlparse, bytes, str, OrderedDict from .cookies import RequestsCookieJar, cookiejar_from_dict _hush_pyflakes = (RequestsCookieJar,) -CERTIFI_BUNDLE_PATH = None -try: - # see if requests's own CA certificate bundle is installed - from . import certs - path = certs.where() - if os.path.exists(path): - CERTIFI_BUNDLE_PATH = certs.where() -except ImportError: - pass - NETRC_FILES = ('.netrc', '_netrc') -# common paths for the OS's CA certificate bundle -POSSIBLE_CA_BUNDLE_PATHS = [ - # Red Hat, CentOS, Fedora and friends (provided by the ca-certificates package): - '/etc/pki/tls/certs/ca-bundle.crt', - # Ubuntu, Debian, and friends (provided by the ca-certificates package): - '/etc/ssl/certs/ca-certificates.crt', - # FreeBSD (provided by the ca_root_nss package): - '/usr/local/share/certs/ca-root-nss.crt', - # openSUSE (provided by the ca-certificates package), the 'certs' directory is the - # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem' - # as a fallback (which is generated from pem files in the 'certs' directory): - '/etc/ssl/ca-bundle.pem', -] - - -def get_os_ca_bundle_path(): - """Try to pick an available CA certificate bundle provided by the OS.""" - for path in POSSIBLE_CA_BUNDLE_PATHS: - if os.path.exists(path): - return path - return None - # if certifi is installed, use its CA bundle; # otherwise, try and use the OS bundle -DEFAULT_CA_BUNDLE_PATH = CERTIFI_BUNDLE_PATH or get_os_ca_bundle_path() - +DEFAULT_CA_BUNDLE_PATH = certs.where() def dict_to_sequence(d): """Returns an internal sequence dictionary update."""