From eb7d16bb3d3372352fac191c9cf81183e291d7c0 Mon Sep 17 00:00:00 2001 From: Trevor Bergeron Date: Fri, 13 May 2022 16:49:06 -0400 Subject: [PATCH] config, backends: don't manually hunt for CA paths --- sopel/config/core_section.py | 32 +++----------------------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/sopel/config/core_section.py b/sopel/config/core_section.py index f8a62bdb8f..5c25f10a77 100644 --- a/sopel/config/core_section.py +++ b/sopel/config/core_section.py @@ -1,7 +1,5 @@ from __future__ import annotations -import os.path - from sopel.config.types import ( BooleanAttribute, ChoiceAttribute, @@ -23,29 +21,6 @@ """Default URL schemes allowed for URLs.""" -def _find_certs(): - """Find the TLS root CA store. - - :returns: path to CA store file - :rtype: str - """ - # check if the root CA store is at a known location - locations = [ - '/etc/pki/tls/cert.pem', # best first guess - '/etc/ssl/certs/ca-certificates.crt', # Debian - '/etc/ssl/cert.pem', # FreeBSD base OpenSSL - '/usr/local/openssl/cert.pem', # FreeBSD userland OpenSSL - '/etc/pki/tls/certs/ca-bundle.crt', # RHEL 6 / Fedora - '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem', # RHEL 7 / CentOS - '/etc/pki/tls/cacert.pem', # OpenELEC - '/etc/ssl/ca-bundle.pem', # OpenSUSE - ] - for certs in locations: - if os.path.isfile(certs): - return certs - return None - - def configure(config): """Interactively configure the bot's ``[core]`` config section. @@ -228,8 +203,8 @@ class CoreSection(StaticSection): """ - ca_certs = FilenameAttribute('ca_certs', default=_find_certs()) - """The path to the CA certs ``.pem`` file. + ca_certs = FilenameAttribute('ca_certs') + """The path to the CA certs ``PEM`` file. Example: @@ -237,8 +212,7 @@ class CoreSection(StaticSection): ca_certs = /etc/ssl/certs/ca-certificates.crt - If not specified, Sopel will try to find the certificate trust store - itself from a set of known locations. + If not specified, the system default will be used. If the given value is not an absolute path, it will be interpreted relative to the directory containing the config file with which Sopel was started.