Fixing how certifi is made the default ca_path to simplify calling logic.

author: Kyle Morton <kylemorton@google.com> 2015-06-26 14:57:00 -0700
committer: Kyle Morton <kylemorton@google.com> 2015-06-26 14:57:00 -0700
commit: 0a2b25187faea1fa29a3b21935cd55294b173bf8 (patch)
tree: ae58e07082abf6e5d4d8f18eb49408e1cde6e2d1 /netlib
parent: 8ca103cba5aa0e64ca81477dee6a74a183548336 (diff)
download: mitmproxy-0a2b25187faea1fa29a3b21935cd55294b173bf8.tar.gz
mitmproxy-0a2b25187faea1fa29a3b21935cd55294b173bf8.tar.bz2
mitmproxy-0a2b25187faea1fa29a3b21935cd55294b173bf8.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/netlib/tcp.py b/netlib/tcp.py
index 74a275c9..38b77c9e 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -390,7 +390,7 @@ class _Connection(object):
                             method=SSL_DEFAULT_METHOD,
                             options=SSL_DEFAULT_OPTIONS,
                             verify_options=SSL.VERIFY_NONE,
-                            ca_path=certifi.where(),
+                            ca_path=None,
                             ca_pemfile=None,
                             cipher_list=None,
                             alpn_protos=None,
@@ -421,6 +421,8 @@ class _Connection(object):
                 return is_cert_verified
 
             context.set_verify(verify_options, verify_cert)
+            if ca_path is None and ca_pemfile is None:
+                ca_path = certifi.where()
             context.load_verify_locations(ca_pemfile, ca_path)
 
         # Workaround for
author	Kyle Morton <kylemorton@google.com>	2015-06-26 14:57:00 -0700
committer	Kyle Morton <kylemorton@google.com>	2015-06-26 14:57:00 -0700
commit	0a2b25187faea1fa29a3b21935cd55294b173bf8 (patch)
tree	ae58e07082abf6e5d4d8f18eb49408e1cde6e2d1 /netlib
parent	8ca103cba5aa0e64ca81477dee6a74a183548336 (diff)
download	mitmproxy-0a2b25187faea1fa29a3b21935cd55294b173bf8.tar.gz mitmproxy-0a2b25187faea1fa29a3b21935cd55294b173bf8.tar.bz2 mitmproxy-0a2b25187faea1fa29a3b21935cd55294b173bf8.zip