Bug 1582726 - use cafile from certifi when available r=dustin a=busta…

…ge-fix python's `urllib.request.urlopen(url)` can fail when a system doesn't know how to verify a ca certificate. this patch makes use of the cafile provided by the `certifi` module, if/when it is installed, to verify certificates. Differential Revision: https://phabricator.services.mozilla.com/D47044 --HG-- extra : source : 92b9ffc8f37ddd16ca3f426d64df059eea38d5fa extra : intermediate-source : 1558d8641ac56a9446e7179d52c3d97e52f912f8
sailfishos · Sep 26, 2019 · 5f2a4fa · 5f2a4fa
1 parent 8139ba5
commit 5f2a4fa
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/taskcluster/scripts/misc/fetch-content b/taskcluster/scripts/misc/fetch-content
@@ -25,6 +25,11 @@ try:
 except ImportError:
     zstandard = None
 
+try:
+    import certifi
+except ImportError:
+    certifi = None
+
 
 CONCURRENCY = multiprocessing.cpu_count()
 
@@ -132,7 +137,7 @@ def stream_download(url, sha256=None, size=None):
     length = 0
 
     t0 = time.time()
-    with urllib.request.urlopen(url) as fh:
+    with urllib.request.urlopen(url, cafile=certifi.where()) if certifi else urllib.request.urlopen(url) as fh:
         if not url.endswith('.gz') and fh.info().get('Content-Encoding') == 'gzip':
             fh = gzip.GzipFile(fileobj=fh)