[Python-modules-commits] [python-tornado] 05/10: remove dependance on certifi

[Ondřej Nový]

This is an automated email from the git hooks/post-receive script.

onovy pushed a commit to branch master
in repository python-tornado.

commit 3647bac45c11b815cb1a44fe0682d3c9de61661e
Author: Julien Puydt <julien.puydt at laposte.net>
Date:   Thu Oct 8 13:13:34 2015 -0700

    remove dependance on certifi
    
     Since Debian is a distribution, we know where the certificates are
     and don't need certifi to find them.
    Forwarded: no
    
    Patch-Name: without-certifi.patch
---
 setup.py                     |  2 +-
 tornado/netutil.py           | 13 ++-----------
 tornado/simple_httpclient.py | 12 +-----------
 3 files changed, 4 insertions(+), 23 deletions(-)

diff --git a/setup.py b/setup.py
index 9eddaef..61ea7f6 100644
--- a/setup.py
+++ b/setup.py
@@ -136,7 +136,7 @@ if setuptools is not None:
         # Certifi is also optional on 2.7.9+, although making our dependencies
         # conditional on micro version numbers seems like a bad idea
         # until we have more declarative metadata.
-        install_requires.append('certifi')
+        # install_requires.append('certifi')
     if sys.version_info < (3, 5):
         install_requires.append('backports_abc>=0.4')
     kwargs['install_requires'] = install_requires
diff --git a/tornado/netutil.py b/tornado/netutil.py
index b7113d6..d5479ec 100644
--- a/tornado/netutil.py
+++ b/tornado/netutil.py
@@ -35,15 +35,6 @@ except ImportError:
     # ssl is not available on Google App Engine
     ssl = None
 
-try:
-    import certifi
-except ImportError:
-    # certifi is optional as long as we have ssl.create_default_context.
-    if ssl is None or hasattr(ssl, 'create_default_context'):
-        certifi = None
-    else:
-        raise
-
 if PY3:
     xrange = range
 
@@ -70,7 +61,7 @@ if hasattr(ssl, 'SSLContext'):
         # Python 3.2-3.3
         _client_ssl_defaults = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
         _client_ssl_defaults.verify_mode = ssl.CERT_REQUIRED
-        _client_ssl_defaults.load_verify_locations(certifi.where())
+        _client_ssl_defaults.load_verify_locations('/etc/ssl/certs/ca-certificates.crt')
         _server_ssl_defaults = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
         if hasattr(ssl, 'OP_NO_COMPRESSION'):
             # Disable TLS compression to avoid CRIME and related attacks.
@@ -81,7 +72,7 @@ if hasattr(ssl, 'SSLContext'):
 elif ssl:
     # Python 2.6-2.7.8
     _client_ssl_defaults = dict(cert_reqs=ssl.CERT_REQUIRED,
-                                ca_certs=certifi.where())
+                                ca_certs='/etc/ssl/certs/ca-certificates.crt')
     _server_ssl_defaults = {}
 else:
     # Google App Engine
diff --git a/tornado/simple_httpclient.py b/tornado/simple_httpclient.py
index 82f8686..ad49675 100644
--- a/tornado/simple_httpclient.py
+++ b/tornado/simple_httpclient.py
@@ -34,18 +34,8 @@ except ImportError:
     # ssl is not available on Google App Engine.
     ssl = None
 
-try:
-    import certifi
-except ImportError:
-    certifi = None
-
-
 def _default_ca_certs():
-    if certifi is None:
-        raise Exception("The 'certifi' package is required to use https "
-                        "in simple_httpclient")
-    return certifi.where()
-
+    return '/etc/ssl/certs/ca-certificates.crt'
 
 class SimpleAsyncHTTPClient(AsyncHTTPClient):
     """Non-blocking HTTP client with no external dependencies.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-tornado.git