Description of problem: Package python2-certifi points to the same CA location than the upstream version "/usr/lib/python2.7/site-packages/certifi/cacert.pem" as per: $ python -m certifi /usr/lib/python2.7/site-packages/certifi/cacert.pem But does not bundle the cacert.pem file as per: $ rpm -ql python2-certifi | grep /usr/lib/python2.7/site-packages/certifi/cacert.pem $ It should either include the file or point to the system bundle (as the Fedora version does): $ python -m certifi /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem Version-Release number of the following components: $ rpm -q python2-certifi python2-certifi-2018.4.16-1.el7.noarch How reproducible: Always Steps to Reproduce: $ python -m certifi /usr/lib/python2.7/site-packages/certifi/cacert.pem Actual results: Pointing to a non-existent file Expected results: Either the following: $ python -m certifi /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem Or the package should include /usr/lib/python2.7/site-packages/certifi/cacert.pem
Package appears to be maintained by Jason Montleon for ASB / APB usage.
Fedora dealt with it like so: https://src.fedoraproject.org/rpms/python-certifi/blob/master/f/certifi-2018.10.15-use-system-cert.patch
@Pablo, thanks for your clarification, /etc/pki/tls/certs/ca-bundle.crt is system file. bash-4.2$ ls /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt Move to Verified.
This is also fixed in v4.0+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0794