Upstream issue here: https://github.com/requests/requests/issues/2966 Our ebuilds prior to 2.18.1 have this patch: https://github.com/gentoo/gentoo/blob/master/dev-python/requests/files/requests-2.5.0-system-cacerts.patch
A workaround is to use the REQUESTS_CA_BUNDLE or CURL_CA_BUNDLE environment variable to make it use the /etc/ssl/certs/ca-certificates.crt bundle: https://github.com/requests/requests/commit/596ca83f0c66460deb82af07b13ce724b9f46474
Spent quite a while today trying to figure out why almost no Python applications could connect to internal services any more. Was there a reason this patch was dropped? Did I somehow miss a notification about it?
Please feel free to restore that patch; I suspect it was dropped due to a lazy bump by a non-maintainer.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=379c608ca8747713fbc50205e254662d3f39517e commit 379c608ca8747713fbc50205e254662d3f39517e Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-04-22 20:47:03 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-04-23 15:32:26 +0000 dev-python/certifi: Bump to v2018.04.16 Ebuild changes: =============== - We no longer install bundled cacert.pem. Instead we refer to system's CA store. Closes: https://github.com/gentoo/gentoo/pull/8109 Closes: https://bugs.gentoo.org/627558 Package-Manager: Portage-2.3.31, Repoman-2.3.9 dev-python/certifi/Manifest | 1 + dev-python/certifi/certifi-2018.4.16.ebuild | 43 ++++++++++++++++++++++ .../certifi-2018.4.16-use-system-cacerts.patch | 15 ++++++++ 3 files changed, 59 insertions(+)