From d8c4bdd72c60e41113ef54713164e8547594b30c Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Mon, 31 Jan 2022 16:51:09 +0100
Subject: [PATCH] Use the system level root certificate instead of the one
bundled in certifi
https://bugzilla.redhat.com/show_bug.cgi?id=1655253
Patch adapted from the certify package:
https://src.fedoraproject.org/rpms/python-certifi/blob/da7f303d2c2d3260ddeda4ec09a6581789431d05/f/certifi-2020.11.8-use-system-cert.patch
---
pipenv/patched/pip/_vendor/certifi/core.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pipenv/patched/pip/_vendor/certifi/core.py b/pipenv/patched/pip/_vendor/certifi/core.py
index dac6f24..9214ccc 100644
--- a/pipenv/patched/pip/_vendor/certifi/core.py
+++ b/pipenv/patched/pip/_vendor/certifi/core.py
@@ -14,6 +14,8 @@ class _PipPatchedCertificate(Exception):
try:
+ raise ImportError # force fallback
+
# Return a certificate file on disk for a standalone pip zipapp running in
# an isolated build environment to use. Passing --cert to the standalone
# pip does not work since requests calls where() unconditionally on import.
@@ -75,10 +77,8 @@ except ImportError:
# If we don't have importlib.resources, then we will just do the old logic
# of assuming we're on the filesystem and munge the path directly.
def where() -> str:
- f = os.path.dirname(__file__)
-
- return os.path.join(f, "cacert.pem")
+ return '/etc/pki/tls/certs/ca-bundle.crt'
def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+ return read_text("certifi", "cacert.pem", encoding="utf-8")
--
2.35.3