clean up code support for OS certificate bundles

requests/certs.py

@@ -2,26 +2,30 @@
 # -*- coding: utf-8 -*-
 
 """
-ceritfi.py
-~~~~~~~~~~
+certs.py
+~~~~~~~~
 
-This module returns the installation location of cacert.pem.
+This module returns the preferred default CA certificate bundle.
+
+If you are packaging Requests, e.g., for a Linux distribution or a managed
+environment, you can change the definition of where() to return a separately
+packaged CA bundle.
 """
 
-import os
+import os.path
+
+certifi = None
 try:
     import certifi
 except ImportError:
-    certifi = None
-
+    pass
 
 def where():
-
+    """Return the preferred certificate bundle."""
     if certifi:
         return certifi.where()
-    else:
-        f = os.path.split(__file__)[0]
-        return os.path.join(f, 'cacert.pem')
+
+    return os.path.join(os.path.dirname(__file__), 'cacert.pem')
 
 if __name__ == '__main__':
     print(where())

requests/utils.py

@@ -19,50 +19,18 @@ import zlib
 from netrc import netrc, NetrcParseError
 
 from . import __version__
+from . import certs
 from .compat import parse_http_list as _parse_list_header
 from .compat import quote, urlparse, bytes, str, OrderedDict
 from .cookies import RequestsCookieJar, cookiejar_from_dict
 
 _hush_pyflakes = (RequestsCookieJar,)
 
-CERTIFI_BUNDLE_PATH = None
-try:
-    # see if requests's own CA certificate bundle is installed
-    from . import certs
-    path = certs.where()
-    if os.path.exists(path):
-        CERTIFI_BUNDLE_PATH = certs.where()
-except ImportError:
-    pass
-
 NETRC_FILES = ('.netrc', '_netrc')
 
-# common paths for the OS's CA certificate bundle
-POSSIBLE_CA_BUNDLE_PATHS = [
-        # Red Hat, CentOS, Fedora and friends (provided by the ca-certificates package):
-        '/etc/pki/tls/certs/ca-bundle.crt',
-        # Ubuntu, Debian, and friends (provided by the ca-certificates package):
-        '/etc/ssl/certs/ca-certificates.crt',
-        # FreeBSD (provided by the ca_root_nss package):
-        '/usr/local/share/certs/ca-root-nss.crt',
-        # openSUSE (provided by the ca-certificates package), the 'certs' directory is the
-        # preferred way but may not be supported by the SSL module, thus it has 'ca-bundle.pem'
-        # as a fallback (which is generated from pem files in the 'certs' directory):
-        '/etc/ssl/ca-bundle.pem',
-]
-
-
-def get_os_ca_bundle_path():
-    """Try to pick an available CA certificate bundle provided by the OS."""
-    for path in POSSIBLE_CA_BUNDLE_PATHS:
-        if os.path.exists(path):
-            return path
-    return None
-
 # if certifi is installed, use its CA bundle;
 # otherwise, try and use the OS bundle
-DEFAULT_CA_BUNDLE_PATH = CERTIFI_BUNDLE_PATH or get_os_ca_bundle_path()
-
+DEFAULT_CA_BUNDLE_PATH = certs.where()
 
 def dict_to_sequence(d):
     """Returns an internal sequence dictionary update."""