File python-2.7.3-ssl_ca_path.patch of Package python-base

Index: Python-2.7.5/Modules/_ssl.c
===================================================================
--- Python-2.7.5.orig/Modules/_ssl.c
+++ Python-2.7.5/Modules/_ssl.c
@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock,
     char *errstr = NULL;
     int ret;
     int verification_mode;
+    struct stat stat_buf;
 
     self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
     if (self == NULL)
@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock,
 
     if (certreq != PY_SSL_CERT_NONE) {
         if (cacerts_file == NULL) {
-            errstr = ERRSTR("No root certificates specified for "
-                            "verification of other-side certificates.");
-            goto fail;
-        } else {
             PySSL_BEGIN_ALLOW_THREADS
-            ret = SSL_CTX_load_verify_locations(self->ctx,
-                                                cacerts_file,
-                                                NULL);
+            ret = SSL_CTX_set_default_verify_paths(self->ctx);
             PySSL_END_ALLOW_THREADS
-            if (ret != 1) {
-                _setSSLError(NULL, 0, __FILE__, __LINE__);
-                goto fail;
+        } else {
+            /* If cacerts_file is a directory-based cert store, pass it as the
+               third parameter, CApath, instead
+            */
+            if (stat(cacerts_file, &stat_buf) == 0 && S_ISDIR(stat_buf.st_mode)) {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    NULL,
+                                                    cacerts_file);
+                PySSL_END_ALLOW_THREADS
+            } else {
+                PySSL_BEGIN_ALLOW_THREADS
+                ret = SSL_CTX_load_verify_locations(self->ctx,
+                                                    cacerts_file,
+                                                    NULL);
+                PySSL_END_ALLOW_THREADS
             }
         }
+
+        if (ret != 1) {
+            _setSSLError(NULL, 0, __FILE__, __LINE__);
+            goto fail;
+        }
     }
     if (key_file) {
         PySSL_BEGIN_ALLOW_THREADS
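Review bot: The `cacerts_file == NULL` branch turns what used to be a hard error into a silent fallback to OpenSSL's default trust store, so a caller that requests verification but forgets or mis-passes its private CA bundle now trusts every CA in the system store instead of failing. `SSL_CTX_set_default_verify_paths()` also honours the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables, so the effective trust anchors depend on the process environment. That deserves a comment above the call, e.g. `/* ca_certs not given: use OpenSSL's default store (system CAs, overridable via SSL_CERT_FILE/SSL_CERT_DIR) */`, and a matching line in the ssl module documentation. In the directory branch, a failed `stat()` (missing path, permission denied) falls through to the file branch and surfaces as an OpenSSL load error rather than the errno. As far as I know a CApath directory is only consulted lazily, so one without hashed certificate names would still give `ret == 1` here and fail only at handshake time. `stat()` also runs with the GIL held, unlike the OpenSSL calls around it; newPySSLObject begins and ends outside this hunk.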