From 553f74e410d58daef87b784c38d47226b21aca45 Mon Sep 17 00:00:00 2001 From: Sriram Raghu Date: Sun, 24 Feb 2019 13:24:40 -0500 Subject: [PATCH 1/3] added hooks for git_libgit2_opts GIT_OPT_SET_SSL_CERT_LOCATIONS in C --- src/options.c | 30 ++++++++++++++++++++++++++++++ src/pygit2.c | 1 + 2 files changed, 31 insertions(+) diff --git a/src/options.c b/src/options.c index 492853d1d..38375b7aa 100644 --- a/src/options.c +++ b/src/options.c @@ -272,6 +272,36 @@ option(PyObject *self, PyObject *args) return tup; } + case GIT_OPT_SET_SSL_CERT_LOCATIONS: + { + PyObject *py_file, *py_dir; + const char *file_path, *dir_path; + int err; + + py_file = PyTuple_GetItem(args, 1); + py_dir = PyTuple_GetItem(args, 2); + + /* py_file and py_dir are only valid if they are strings */ + if (PyUnicode_Check(py_file) || PyBytes_Check(py_file)) { + file_path = py_str_to_c_str(py_file, Py_FileSystemDefaultEncoding); + } else { + file_path = NULL; + } + + if (PyUnicode_Check(py_dir) || PyBytes_Check(py_dir)) { + dir_path = py_str_to_c_str(py_dir, Py_FileSystemDefaultEncoding); + } else { + dir_path = NULL; + } + + err = git_libgit2_opts(GIT_OPT_SET_SSL_CERT_LOCATIONS, file_path, dir_path); + + if (err < 0) + return Error_set(err); + + Py_RETURN_NONE; + } + } PyErr_SetString(PyExc_ValueError, "unknown/unsupported option value"); diff --git a/src/pygit2.c b/src/pygit2.c index c88b41b27..33abc88f2 100644 --- a/src/pygit2.c +++ b/src/pygit2.c @@ -241,6 +241,7 @@ moduleinit(PyObject* m) ADD_CONSTANT_INT(m, GIT_OPT_GET_CACHED_MEMORY); ADD_CONSTANT_INT(m, GIT_OPT_ENABLE_CACHING); ADD_CONSTANT_INT(m, GIT_OPT_SET_CACHE_MAX_SIZE); + ADD_CONSTANT_INT(m, GIT_OPT_SET_SSL_CERT_LOCATIONS); /* Errors */ GitError = PyErr_NewException("_pygit2.GitError", NULL, NULL); From 333c7ba35c6554e484422f5d38a98462b83f4d9c Mon Sep 17 00:00:00 2001 
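Review bot: In the new `GIT_OPT_SET_SSL_CERT_LOCATIONS` case of src/options.c, the results of `PyTuple_GetItem(args, 1)` and `PyTuple_GetItem(args, 2)` go straight into `PyUnicode_Check` without a NULL test, so a call with fewer than three arguments dereferences NULL instead of raising. Any non-string argument is also mapped silently to `NULL`, so a wrong type quietly drops that certificate location instead of failing; I would accept only `None` as "not set" and raise `TypeError` for everything else. The return value of `py_str_to_c_str` is not checked either, and whether its result has to be freed depends on its definition, which is outside the hunk, as is the start of `option()`.

```c
py_file = PyTuple_GetItem(args, 1);
py_dir = PyTuple_GetItem(args, 2);
if (py_file == NULL || py_dir == NULL)
    return NULL; /* PyTuple_GetItem has already set an exception */

if (py_file == Py_None) {
    file_path = NULL;
} else if (PyUnicode_Check(py_file) || PyBytes_Check(py_file)) {
    file_path = py_str_to_c_str(py_file, Py_FileSystemDefaultEncoding);
    if (file_path == NULL)
        return NULL; /* assumes the helper sets an exception on failure; confirm */
} else {
    PyErr_SetString(PyExc_TypeError, "ssl cert file must be a string or None");
    return NULL;
}

/* … same None / string / TypeError handling for py_dir and dir_path … */

/* … unchanged: git_libgit2_opts call and error return … */
```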
From: Sriram Raghu Date: Sun, 24 Feb 2019 13:57:14 -0500 Subject: [PATCH 2/3] added support for setting ssl cert locations in pygit2.settings --- pygit2/settings.py | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/pygit2/settings.py b/pygit2/settings.py index 9d5fd2f6a..5c8540abf 100644 --- a/pygit2/settings.py +++ b/pygit2/settings.py @@ -33,7 +33,7 @@ from _pygit2 import GIT_OPT_GET_CACHED_MEMORY from _pygit2 import GIT_OPT_ENABLE_CACHING from _pygit2 import GIT_OPT_SET_CACHE_MAX_SIZE - +from _pygit2 import GIT_OPT_SET_SSL_CERT_LOCATIONS class SearchPathList(object): @@ -101,4 +101,30 @@ def cache_object_limit(self, object_type, value): """ return option(GIT_OPT_SET_CACHE_OBJECT_LIMIT, object_type, value) + def __set_ssl_cert_file(self, value): + """Set the ssl cert file. The value cannot be read. + """ + return option(GIT_OPT_SET_SSL_CERT_LOCATIONS, value, None) + + ssl_cert_file = property(fset=__set_ssl_cert_file) + + def __set_ssl_cert_dir(self, value): + """Set the ssl cert folder. The value cannot be read. + """ + return option(GIT_OPT_SET_SSL_CERT_LOCATIONS, None, value) + + ssl_cert_dir = property(fset=__set_ssl_cert_dir) + + def __set_ssl_cert_locations(self, locations): + """ + Passes both file_path and dir_path to libgit2. + + locations must be a list/tuple type with the the file path + at index 0 and the directory path at index 1 + + The values set cannot be read. + """ + return option(GIT_OPT_SET_SSL_CERT_LOCATIONS, locations[0], locations[1]) + + _ssl_cert_locations = property(fset=__set_ssl_cert_locations) From ecc2d9147a1106559bf0b0f659ef11fde48b514f Mon Sep 17 00:00:00 2001 From: Sriram Raghu Date: Sun, 24 Feb 2019 14:19:06 -0500 Subject: [PATCH 3/3] set ssl cert location by default based on the ssl module --- pygit2/__init__.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pygit2/__init__.py b/pygit2/__init__.py index 0cdc283cf..e460014b1 100644 --- a/pygit2/__init__.py 
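Review bot: The three setter docstrings added to pygit2/settings.py do not say that this option is process-wide: `git_libgit2_opts` configures the library as a whole, so assigning `settings.ssl_cert_file` changes which CAs are trusted for every later HTTPS operation in the process, not for one repository or remote. Because the value cannot be read back, I would put that in the docstring, for example `Process-wide: changes the CA trust used by all later HTTPS connections; use only paths that untrusted users cannot write.` Separately, `__set_ssl_cert_locations` indexes `locations[0]` and `locations[1]` without checking the type, so a plain string would be split into its first two characters and passed on as paths; `file_path, dir_path = locations` would at least reject a wrong length. The docstring of that setter also has a doubled "the the".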
+++ b/pygit2/__init__.py @@ -28,6 +28,9 @@ # Import from the future from __future__ import absolute_import +# Import from core python modules +from ssl import get_default_verify_paths as default_ssl_verify_paths + # Low level API from _pygit2 import * @@ -267,3 +270,9 @@ def clone_repository( return Repository._from_c(crepo[0], owned=True) settings = Settings() + +try: + # try to set default ssl cert locations + settings._ssl_cert_locations = default_ssl_verify_paths() +except: + pass
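Review bot: The bare `except: pass` around `settings._ssl_cert_locations = default_ssl_verify_paths()` hides every failure, including `KeyboardInterrupt` and `SystemExit`, and leaves no sign that libgit2 kept its own certificate defaults. I would narrow it to `except Exception:` at minimum and emit a warning or log line, so that a rejected CA path is visible to whoever debugs a later TLS verification error. The `from ssl import get_default_verify_paths as default_ssl_verify_paths` added in the first hunk sits outside the `try`, so an interpreter built without the `ssl` module would now fail at `import pygit2`; moving the import inside the guarded block keeps the fallback best-effort. `get_default_verify_paths()` also consults the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables, so after this change the process environment influences which CAs libgit2 trusts, which deserves a line in the documentation.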