From 3d4bfa4276194c1bdaee55fe06c163927ec4a9be Mon Sep 17 00:00:00 2001
From: Dennis Schwertel <dennisschwertel@gmail.com>
Date: Mon, 3 Dec 2018 09:52:31 +0100
Subject: [PATCH] removed certifi fix

---
 stack/fix_certifi_hack.pth |  1 -
 stack/fix_certifi_hack.py  | 30 ------------------------------
 stack/install.sh           |  3 ---
 3 files changed, 34 deletions(-)
 delete mode 100644 stack/fix_certifi_hack.pth
 delete mode 100644 stack/fix_certifi_hack.py

diff --git a/stack/fix_certifi_hack.pth b/stack/fix_certifi_hack.pth
deleted file mode 100644
index 1c03833..0000000
--- a/stack/fix_certifi_hack.pth
+++ /dev/null
@@ -1 +0,0 @@
-import fix_certifi_hack
diff --git a/stack/fix_certifi_hack.py b/stack/fix_certifi_hack.py
deleted file mode 100644
index 0964f83..0000000
--- a/stack/fix_certifi_hack.py
+++ /dev/null
@@ -1,30 +0,0 @@
-# Workaround for openssl<1.0.2 not supporting 2048bit certificates correctly
-# (newest certifi packages only provide 2048bit certs by default)
-# This is a nasty place to put this code, but other places did not work.
-# e.g setting REQUESTS_CA_BUNDLE globally breaks pip install, since it also
-# uses a vendored in version of requests under the hood.
-import sys
-import os
-
-
-if 'REQUESTS_CA_BUNDLE' not in os.environ:
-    try:
-        import certifi
-    except ImportError:
-        # certifi not installed - no need to do any thing.
-        # requests will use the outdated bundled certs.
-        # Not ideal, but nothing we can do.
-        pass
-    else:
-        import ssl
-        from distutils.version import LooseVersion
-        v_installed = ssl.OPENSSL_VERSION.split(" ")[1]
-        v_2048bit_capable = '1.0.2'
-        if LooseVersion(v_installed) < LooseVersion(v_2048bit_capable):
-            # OpenSSL<1.0.2 can't handle 2048bit certs. Use the less secure,
-            # but up-to-date and working 1024bit certs from certifi.
-            os.environ['REQUESTS_CA_BUNDLE'] = certifi.old_where()
-        else:
-            # we have OpenSSL>=1.0.2, so using the default up-to-date 2048bit
-            # certs will not be a problem.
-            pass
diff --git a/stack/install.sh b/stack/install.sh
index b35c3b1..b02b00b 100755
--- a/stack/install.sh
+++ b/stack/install.sh
@@ -12,6 +12,3 @@ ${BASEDIR}/ngx_pagespeed.sh
 ${BASEDIR}/nvm.sh
 cp ${BASEDIR}/add_addons_dev_to_syspath.py ${PYTHON_SITE_PACKAGES_ROOT}/add_addons_dev_to_syspath.py
 cp ${BASEDIR}/add_addons_dev_to_syspath.pth ${PYTHON_SITE_PACKAGES_ROOT}/add_addons_dev_to_syspath.pth
-# TODO: check if this hack is needed in python3
-cp ${BASEDIR}/fix_certifi_hack.py ${PYTHON_SITE_PACKAGES_ROOT}/fix_certifi_hack.py
-cp ${BASEDIR}/fix_certifi_hack.pth ${PYTHON_SITE_PACKAGES_ROOT}/fix_certifi_hack.pth