From a420f293d6d917bf0ec5f8d885ecbdea5b5ca5b5 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
Date: Mon, 25 Oct 2021 14:10:31 +0300
Subject: [PATCH] Do not fix certifi version

It's not safe to constraint certifi since we need to use latest
CA certificates anytime and not force deployments to use outdated CA
files.

This is inspured with latest Let's Encrypt Root CA rotation, since older
deployments can't reach even opendev because of outdated certifi.

Change-Id: I3eeab01ccb758cf4eeebcb5da8bf0aea1ff77a88
---
 blacklist.txt         | 3 +++
 upper-constraints.txt | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/blacklist.txt b/blacklist.txt
index c3a0175f2c..293b9d3f86 100644
--- a/blacklist.txt
+++ b/blacklist.txt
@@ -51,3 +51,6 @@ tempest
 
 # annoying from setuptools
 pkg_resources
+
+# We want to always have latest list of trusted Certificate Authorities
+certifi
diff --git a/upper-constraints.txt b/upper-constraints.txt
index 15e2f9c36f..f289670a17 100644
--- a/upper-constraints.txt
+++ b/upper-constraints.txt
@@ -40,7 +40,6 @@ cursive===0.2.2
 oslo.service===2.7.0
 django-appconf===1.0.5
 pykerberos===1.2.1
-certifi===2021.10.8
 sphinxcontrib-nwdiag===2.0.0
 rbd-iscsi-client===0.1.8
 requests-aws===0.1.8