Submitted By: Ken Moffat Date: 2022-12-01 Initial Package Version: 2.28.1 Changelog: rediff'ed for 2.28.2 (Pierre Labastie) Changelog: rediff'ed for 2.30.0 (Bruce Dubbs) Changelog: rediff'ed for 2.32.1 (Bruce Dubbs) Upstream Status: N/A Origin: Self, fedora and Arch Description: Prefer system certificates. 1. Based on what pip does to its vendored requests, use the same environment variable to point to the certificates instead of the certs from vendored certifi. 2. If that variable is not present, use the system certs. Note that the variable can be set to point to /usr/lib/python3.11/site-packages/pip/_vendor/certifi/cacert.pem if there is a need to use the shipped certificates. 3. Remove the requirement to install system Certifi. diff -Naur a/src/requests/certs.py b/src/requests/certs.py --- a/src/requests/certs.py 2023-01-12 17:16:59.000000000 +0100 +++ b/src/requests/certs.py 2023-01-22 09:35:23.075750198 +0100 @@ -11,7 +11,15 @@ environment, you can change the definition of where() to return a separately packaged CA bundle. """ -from certifi import where + +import os + +if "_PIP_STANDALONE_CERT" not in os.environ: + def where(): + return "/etc/pki/tls/certs/ca-bundle.crt" +else: + def where(): + return os.environ["_PIP_STANDALONE_CERT"] if __name__ == "__main__": print(where()) diff -Naur a/setup.cfg b/setup.cfg --- a/setup.cfg 2023-01-12 17:24:35.000000000 +0100 +++ b/setup.cfg 2023-01-22 09:38:13.164481842 +0100 @@ -4,7 +4,6 @@ socks use_chardet_on_py3 requires-dist = - certifi>=2017.4.17 charset_normalizer>=2,<4 idna>=2.5,<4 urllib3>=1.21.1,<1.27 diff -Naur a/setup.py b/setup.py --- a/setup.py 2023-01-12 17:16:59.000000000 +0100 +++ b/setup.py 2023-01-22 09:35:23.075750198 +0100 @@ -62,7 +62,6 @@ "charset_normalizer>=2,<4", "idna>=2.5,<4", "urllib3>=1.21.1,<3", - "certifi>=2017.4.17", ] test_requirements = [ "pytest-httpbin==0.0.7",