Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
Date: 2022-12-01
Initial Package Version: 2.28.1
Changelog: rediff'ed for 2.28.2 (Pierre Labastie)
Changelog: rediff'ed for 2.30.0 (Bruce Dubbs)
Changelog: rediff'ed for 2.32.1 (Bruce Dubbs)
Upstream Status: N/A
Origin: Self, fedora and Arch
Description: Prefer system certificates.

1. Based on what pip does to its vendored requests, use the
 same environment variable to point to the certificates
 instead of the certs from vendored certifi.

2. If that variable is not present, use the system certs.

Note that the variable can be set to point to
/usr/lib/python3.11/site-packages/pip/_vendor/certifi/cacert.pem
if there is a need to use the shipped certificates.

3. Remove the requirement to install system Certifi.

diff -Naur a/src/requests/certs.py b/src/requests/certs.py
--- a/src/requests/certs.py	2023-01-12 17:16:59.000000000 +0100
+++ b/src/requests/certs.py	2023-01-22 09:35:23.075750198 +0100
@@ -11,7 +11,15 @@
 environment, you can change the definition of where() to return a separately
 packaged CA bundle.
 """
-from certifi import where
+
+import os
+
+if "_PIP_STANDALONE_CERT" not in os.environ:
+    def where():
+        return "/etc/pki/tls/certs/ca-bundle.crt"
+else:
+    def where():
+        return os.environ["_PIP_STANDALONE_CERT"]
 
 if __name__ == "__main__":
     print(where())
diff -Naur a/setup.cfg b/setup.cfg
--- a/setup.cfg	2023-01-12 17:24:35.000000000 +0100
+++ b/setup.cfg	2023-01-22 09:38:13.164481842 +0100
@@ -4,7 +4,6 @@
 	socks
 	use_chardet_on_py3
 requires-dist = 
-	certifi>=2017.4.17
 	charset_normalizer>=2,<4
 	idna>=2.5,<4
 	urllib3>=1.21.1,<1.27
diff -Naur a/setup.py b/setup.py
--- a/setup.py	2023-01-12 17:16:59.000000000 +0100
+++ b/setup.py	2023-01-22 09:35:23.075750198 +0100
@@ -62,7 +62,6 @@
     "charset_normalizer>=2,<4",
     "idna>=2.5,<4",
     "urllib3>=1.21.1,<3",
-    "certifi>=2017.4.17",
 ]
 test_requirements = [
     "pytest-httpbin==0.0.7",