1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
| | Fix default certificate search path, still allowing the user to override it
with environment variables.
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -1679,20 +1679,9 @@ def get_default_verify_paths():
https://golang.org/src/crypto/x509/root_linux.go (for the files)
'''
certFiles = [
- "/etc/ssl/certs/ca-certificates.crt", # Debian/Ubuntu/Gentoo etc.
- "/etc/pki/tls/certs/ca-bundle.crt", # Fedora/RHEL 6
- "/etc/ssl/ca-bundle.pem", # OpenSUSE
- "/etc/pki/tls/cacert.pem", # OpenELEC
- "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7
- "/etc/ssl/cert.pem", # Alpine Linux
]
certDirectories = [
- "/etc/ssl/certs", # SLES10/SLES11
- "/system/etc/security/cacerts", # Android
- "/usr/local/share/certs", # FreeBSD
- "/etc/pki/tls/certs", # Fedora/RHEL
- "/etc/openssl/certs", # NetBSD
- "/var/ssl/certs", # AIX
+ "@GUIX_CERT_PATH@",
]
# optimization: reuse the values from a local varaible
@@ -1707,9 +1696,10 @@ def get_default_verify_paths():
ofile = _cstr_decode_fs(lib.X509_get_default_cert_file())
odir = _cstr_decode_fs(lib.X509_get_default_cert_dir())
- if os.path.exists(ofile) and os.path.exists(odir):
- get_default_verify_paths.retval = (ofile_env, ofile, odir_env, odir)
- return get_default_verify_paths.retval
+ if not os.path.exists(ofile):
+ ofile = None
+ if not os.path.exists(odir):
+ odir = None
# OpenSSL didn't supply the goods. Try some other options
for f in certFiles:
|