From 4baac6572573945f49b3b3df7b7ea27f15955477 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Sat, 27 May 2017 20:53:20 -0700
Subject: [PATCH] Use proper python when configuring certs

We have to do silly overrides of cert locations for requests for
reasons. If we are running under python3 then we were previously looking
in the wrong location for the requests certs. Update the cert fixing
function to properly use python3 to find the certs if python3 is
enabled.

Change-Id: Id1369da0d812edcf9b1204e9c567f8bfe77c48b2
---
 lib/tls  | 3 ++-
 stack.sh | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/tls b/lib/tls
index 7c6b967bc4..65c2cba300 100644
--- a/lib/tls
+++ b/lib/tls
@@ -345,7 +345,8 @@ function make_root_CA {
 function fix_system_ca_bundle_path {
     if is_service_enabled tls-proxy; then
         local capath
-        capath=$(python -c $'try:\n from requests import certs\n print certs.where()\nexcept ImportError: pass')
+        local python_cmd=${1:-python}
+        capath=$($python_cmd -c $'try:\n from requests import certs\n print (certs.where())\nexcept ImportError: pass')
 
         if [[ ! $capath == "" && ! $capath =~ ^/etc/.* && ! -L $capath ]]; then
             if is_fedora; then
diff --git a/stack.sh b/stack.sh
index 7a24ed947f..1615b1c046 100755
--- a/stack.sh
+++ b/stack.sh
@@ -888,6 +888,9 @@ fi
 
 if is_service_enabled tls-proxy; then
     fix_system_ca_bundle_path
+    if python3_enabled ; then
+        fix_system_ca_bundle_path python3
+    fi
 fi
 
 # Extras Install