From 5bef31fa85eac68530bd89898b8489d99752d6b4 Mon Sep 17 00:00:00 2001
From: Randall Burt <randall.burt@rackspace.com>
Date: Thu, 23 Jan 2014 20:09:38 -0600
Subject: [PATCH] Add more default CA paths

Added the default CA path for Mac OSX as well as the bundled
CA pem that comes with the requests module.

Change-Id: Icb202e04de48b75c43b5ce183e55d2e9e44f72b4
Closes-Bug: #1266581
---
 heatclient/common/http.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/heatclient/common/http.py b/heatclient/common/http.py
index 1843933e..fd1cf29b 100644
--- a/heatclient/common/http.py
+++ b/heatclient/common/http.py
@@ -34,15 +34,19 @@ CHUNKSIZE = 1024 * 64  # 64kB
 def get_system_ca_file():
     """Return path to system default CA file."""
     # Standard CA file locations for Debian/Ubuntu, RedHat/Fedora,
-    # Suse, FreeBSD/OpenBSD
+    # Suse, FreeBSD/OpenBSD, MacOSX, and the bundled ca
     ca_path = ['/etc/ssl/certs/ca-certificates.crt',
                '/etc/pki/tls/certs/ca-bundle.crt',
                '/etc/ssl/ca-bundle.pem',
-               '/etc/ssl/cert.pem']
+               '/etc/ssl/cert.pem',
+               '/System/Library/OpenSSL/certs/cacert.pem',
+               requests.certs.where()]
     for ca in ca_path:
+        LOG.debug("Looking for ca file %s", ca)
         if os.path.exists(ca):
+            LOG.debug("Using ca file %s", ca)
             return ca
-        return None
+    LOG.warn("System ca file could not be found.")
 
 
 class HTTPClient(object):