From ccdd41d0585e665f096c6efba7837c49ac2ef442 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hannes=20Gr=C3=A4uler?= <graeuler@geoplex.de>
Date: Sat, 22 Apr 2017 15:47:03 +0200
Subject: [PATCH] Use certifi also for check-update and HTTP up/downloads

---
 syncrypt/pipes/http.py    | 18 +++++++++++++-----
 syncrypt/utils/updates.py | 10 ++++++++--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/syncrypt/pipes/http.py b/syncrypt/pipes/http.py
index 08b9fa6..913e617 100644
--- a/syncrypt/pipes/http.py
+++ b/syncrypt/pipes/http.py
@@ -1,22 +1,30 @@
+import asyncio
 import logging
-import sys
 import os.path
 import shutil
-import aiohttp
+import ssl
+import sys
 
 import aiofiles
-import asyncio
+import aiohttp
+import certifi
 
-from .base import Pipe, Sink, Source, Limit, BufferedFree
+from .base import BufferedFree, Limit, Pipe, Sink, Source
 
 logger = logging.getLogger(__name__)
 
 class AiohttpClientSessionMixin():
     def init_client(self, client, headers={}):
+        sslcontext = ssl.create_default_context(cafile=certifi.where())
+        conn = aiohttp.TCPConnector(ssl_context=sslcontext)
         if client:
             self.client_owned, self.client = False, client
         else:
-            self.client_owned, self.client = True, aiohttp.ClientSession(headers=headers, skip_auto_headers=["Content-Type", "User-Agent"])
+            self.client_owned, self.client = True, aiohttp.ClientSession(
+                    connector=conn,
+                    headers=headers,
+                    skip_auto_headers=["Content-Type", "User-Agent"]
+                    )
 
     @asyncio.coroutine
     def close_client(self):
diff --git a/syncrypt/utils/updates.py b/syncrypt/utils/updates.py
index f05dac5..748d4c9 100644
--- a/syncrypt/utils/updates.py
+++ b/syncrypt/utils/updates.py
@@ -1,7 +1,11 @@
 import asyncio
+import ssl
+from distutils.version import LooseVersion
+
 import aiohttp
+import certifi
+
 import syncrypt
-from distutils.version import LooseVersion
 
 # The endpoint should return something along the lines of:
 # { "darwin": "x.y.z", "linux": "x.y.z", "win": "x.y.z" }
@@ -9,7 +13,9 @@
 
 @asyncio.coroutine
 def retrieve_available_version(platform_id):
-    with aiohttp.ClientSession() as c:
+    sslcontext = ssl.create_default_context(cafile=certifi.where())
+    conn = aiohttp.TCPConnector(ssl_context=sslcontext)
+    with aiohttp.ClientSession(connector=conn) as c:
         r = yield from c.get(CURRENT_ENDPOINT)
         content = yield from r.json()
         return content[platform_id]