From 4ec5e02d1c821e4687cb3dbbd2662d0398376cb1 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Mon, 12 Jan 2015 18:04:41 -0800
Subject: [PATCH] certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch
 py3

---
 python-httplib2.certfile.patch | 19 +++++++++++++++++--
 python-httplib2.spec           |  8 +++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/python-httplib2.certfile.patch b/python-httplib2.certfile.patch
index e8ca5cd..e351169 100644
--- a/python-httplib2.certfile.patch
+++ b/python-httplib2.certfile.patch
@@ -9,8 +9,23 @@ diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/ht
 -        os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt")
 +#    CA_CERTS = os.path.join(
 +#        os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt")
-+# We use fedora ca bundle file instead, to preserve backward compability.
-+     CA_CERTS = "/etc/ssl/certs/ca-bundle.crt"
++# Use Fedora system-wide shared certificate store for security, consistency.
++    CA_CERTS = "/etc/pki/tls/certs/ca-bundle.crt"
  
  # Which headers are hop-by-hop headers by default
  HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade']
+--- httplib2-0.9/python3/httplib2/__init__.py	2014-04-14 05:52:57.000000000 -0700
++++ httplib2-0.9/python3/httplib2/__init__.py.new	2015-01-12 17:22:19.815505848 -0800
+@@ -124,8 +124,10 @@
+ HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade']
+ 
+ # Default CA certificates file bundled with httplib2.
+-CA_CERTS = os.path.join(
+-        os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt")
++#CA_CERTS = os.path.join(
++#        os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt")
++# Use Fedora system-wide shared certificate store for security, consistency.
++CA_CERTS = "/etc/pki/tls/certs/ca-bundle.crt"
+ 
+ def _get_end2end_headers(response):
+     hopbyhop = list(HOP_BY_HOP)
diff --git a/python-httplib2.spec b/python-httplib2.spec
index d857d01..b0a661c 100644
--- a/python-httplib2.spec
+++ b/python-httplib2.spec
@@ -10,12 +10,15 @@
 
 Name:           python-httplib2
 Version:        0.9
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A comprehensive HTTP client library
 Group:          System Environment/Libraries
 License:        MIT
 URL:            https://pypi.python.org/pypi/httplib2
 Source0:        https://pypi.python.org/packages/source/h/httplib2/httplib2-%{version}.tar.gz
+# See also the 'locater plugin' system httplib2 now allows, and
+# https://github.com/dreamhost/httplib2-ca_certs_locater
+# It's kind of problematic, though: https://github.com/jcgregorio/httplib2/issues/293
 Patch1:         %{name}.certfile.patch
 Patch2:         %{name}.getCertHost.patch
 Patch3:         %{name}.rfc2459.patch
@@ -87,6 +90,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif # with_python3
 
 %changelog
+* Mon Jan 12 2015 Adam Williamson <awilliam@redhat.com> - 0.9-5
+- certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch python3 too
+
 * Mon Jun 30 2014 Toshio Kuratomi <toshio@fedoraproject.org> - 0.9-4
 - Replace python-setuptools-devel BR with python-setuptools