
adding ca cert bundle probe path /usr/local/etc/openssl/cert.pem (macOS)

Open fabiant7t opened this issue 6 years ago • 6 comments

Added a CA cert bundle probe path /usr/local/etc/openssl/cert.pem that is available on macOS after installing openssl using Homebrew. This is a workaround to fix SSL errors with the current version of this package and macOS.

fabiant7t, Jul 09 '18 16:07

Is /usr/local/etc/openssl/cert.pem something that's common on Mac OS X systems or is this only something that's specific to your installation?

Cc: @copumpkin

aszlig, Sep 04 '18 20:09

Homebrew puts it there but not all macOS users use Homebrew. There’s a more official source of certificates on macOS (the keychain) but it doesn’t really have a file-based interface.

copumpkin, Sep 04 '18 20:09

@copumpkin: Ah, thanks for the info.

Hm, maybe it makes sense to switch to something like certifi then, because probing of all kinds of CA bundle paths will end up in madness™.

aszlig, Sep 04 '18 22:09

Homebrew is a third party package manager for macOS (an OS lacking a first party package manager). It's highly likely that ops and dev people have it installed (and updated) on their machines. Those people will be able to use this package as it is again.

Refactoring to use certifi might be a good step to keep the package platform independent. But while users might have fresh root certificates at installation time then, they probably won't ever update this package, resulting in using probably expired/revoked root certs. So discovered cert bundles on the system might still be the first choice.

fabiant7t, Sep 05 '18 07:09

If anything, can you at least update the hardcoded CAs to match the current Hetzner's DigiCert root?

farcaller, Sep 19 '18 09:09

@farcaller: Done. Also pushed a new bugfix release (0.8.1).

aszlig, Sep 19 '18 12:09
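
The probing approach discussed in this thread, as an added example that is not the hetzner package's own code: it checks an ordered list of bundle paths, rejects missing or empty files, and fails closed instead of falling back to unverified TLS. Only the Homebrew path comes from the issue; the other paths, the `SSL_CERT_FILE` handling and all function names are assumptions for illustration.

```python
import os
import ssl

# Only the Homebrew path comes from the issue above; the other entries are
# common distribution defaults, listed here as assumptions.
CANDIDATES = [
    "/etc/ssl/certs/ca-certificates.crt",  # Debian/Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",    # RHEL/Fedora
    "/etc/ssl/cert.pem",                   # BSD/Alpine/macOS system OpenSSL
    "/usr/local/etc/openssl/cert.pem",     # Homebrew OpenSSL on macOS
]
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def count_certs(path):
    """Number of PEM certificates in path; 0 if missing, unreadable or empty."""
    try:
        with open(path, "rb") as fh:
            return fh.read().count(PEM_MARKER)
    except OSError:
        return 0


def find_ca_bundle(candidates=CANDIDATES, environ=None):
    """Return the first usable bundle path, or None if nothing was found."""
    environ = os.environ if environ is None else environ
    override = environ.get("SSL_CERT_FILE")
    if override:
        # An explicit operator override must work; never silently skip it.
        if count_certs(override) == 0:
            raise ValueError("SSL_CERT_FILE has no certificates: " + override)
        return override
    for path in candidates:
        if count_certs(path) > 0:
            return path
    return None


def make_context(candidates=CANDIDATES, environ=None):
    """Build a verifying TLS context; fail closed when no bundle exists."""
    cafile = find_ca_bundle(candidates, environ)
    if cafile is None:
        raise RuntimeError("no CA bundle found; refusing unverified TLS")
    return ssl.create_default_context(cafile=cafile)


if __name__ == "__main__":
    print(find_ca_bundle())
```

The marker count is a cheap sanity check only; `ssl.create_default_context` still parses the file and raises `ssl.SSLError` if the PEM content is malformed.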