Fix default certificate search path, still allowing the user to override it with environment variables.
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -1679,20 +1679,9 @@ def get_default_verify_paths():
 https://golang.org/src/crypto/x509/root_linux.go (for the files)
 '''
 certFiles = [
- "/etc/ssl/certs/ca-certificates.crt", # Debian/Ubuntu/Gentoo etc.
- "/etc/pki/tls/certs/ca-bundle.crt", # Fedora/RHEL 6
- "/etc/ssl/ca-bundle.pem", # OpenSUSE
- "/etc/pki/tls/cacert.pem", # OpenELEC
- "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7
- "/etc/ssl/cert.pem", # Alpine Linux
 ]
 certDirectories = [
- "/etc/ssl/certs", # SLES10/SLES11
- "/system/etc/security/cacerts", # Android
- "/usr/local/share/certs", # FreeBSD
- "/etc/pki/tls/certs", # Fedora/RHEL
- "/etc/openssl/certs", # NetBSD
- "/var/ssl/certs", # AIX
+ "@GUIX_CERT_PATH@",
 ]
 # optimization: reuse the values from a local varaible
@@ -1707,9 +1696,10 @@ def get_default_verify_paths():
 ofile = _cstr_decode_fs(lib.X509_get_default_cert_file())
 odir = _cstr_decode_fs(lib.X509_get_default_cert_dir())
- if os.path.exists(ofile) and os.path.exists(odir):
- get_default_verify_paths.retval = (ofile_env, ofile, odir_env, odir)
- return get_default_verify_paths.retval
+ if not os.path.exists(ofile):
+ ofile = None
+ if not os.path.exists(odir):
+ odir = None
 # OpenSSL didn't supply the goods. Try some other options
 for f in certFiles:
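Review bot: The `"@GUIX_CERT_PATH@"` entry in `certDirectories` is a build-time placeholder, but nothing in the code says so, and with `certFiles` now empty the fallback trust location rests entirely on that substitution having been applied. If the file ships unsubstituted, the literal string will not exist on disk and the fallback presumably finds no CA directory, which would surface as certificate verification failures at runtime rather than as a build error. I would add a comment above the entry, for example `# placeholder replaced at build time with the absolute path of the system CA directory`. get_default_verify_paths begins and ends outside this hunk.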
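Review bot: Resetting `ofile` and `odir` to `None` when the OpenSSL default is missing can put `None` into the returned tuple, where the removed lines left the strings OpenSSL reported in place. Because the first hunk empties `certFiles`, `ofile` stays `None` whenever OpenSSL's default bundle is absent; a consumer that passes the value to `os.path.isfile()` would then raise `TypeError` rather than treat it as "not found". That consumer is outside this hunk, so please confirm how it handles `None`. The removed branch also assigned `get_default_verify_paths.retval`, so check that the code after the fallback loops (not visible here) still caches and returns the tuple. A comment such as `# None marks an OpenSSL default that does not exist on disk` above the two new checks would state the new contract.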