From d8c4bdd72c60e41113ef54713164e8547594b30c Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Mon, 31 Jan 2022 16:51:09 +0100
Subject: [PATCH] Use the system level root certificate instead of the one
 bundled in certifi

https://bugzilla.redhat.com/show_bug.cgi?id=1655253

Patch adapted from the certify package:
https://src.fedoraproject.org/rpms/python-certifi/blob/da7f303d2c2d3260ddeda4ec09a6581789431d05/f/certifi-2020.11.8-use-system-cert.patch
---
 pipenv/patched/pip/_vendor/certifi/core.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pipenv/patched/pip/_vendor/certifi/core.py b/pipenv/patched/pip/_vendor/certifi/core.py
index dac6f24..9214ccc 100644
--- a/pipenv/patched/pip/_vendor/certifi/core.py
+++ b/pipenv/patched/pip/_vendor/certifi/core.py
@@ -14,6 +14,8 @@ class _PipPatchedCertificate(Exception):
 
 
 try:
+    raise ImportError  # force fallback
+
     # Return a certificate file on disk for a standalone pip zipapp running in
     # an isolated build environment to use. Passing --cert to the standalone
     # pip does not work since requests calls where() unconditionally on import.
@@ -75,10 +77,8 @@ except ImportError:
     # If we don't have importlib.resources, then we will just do the old logic
     # of assuming we're on the filesystem and munge the path directly.
     def where() -> str:
-        f = os.path.dirname(__file__)
-
-        return os.path.join(f, "cacert.pem")
+        return '/etc/pki/tls/certs/ca-bundle.crt'
 
 
 def contents() -> str:
-    return read_text("certifi", "cacert.pem", encoding="ascii")
+    return read_text("certifi", "cacert.pem", encoding="utf-8")
-- 
2.35.3