From 548a2ec4052ec91f3ff7b204ab95db7b99085ad7 Mon Sep 17 00:00:00 2001
From: John Doe <johndoe@example.com>
Date: Sat, 21 Sep 2024 20:50:38 -0400
Subject: [PATCH] Detect empty HTTPS contexts.

Some users are relying solely on the certifi package to provide their CA certs, as requests does this by default.

This patch detects this situation and emits a clear warning as well as importing certifi to work around the situation..

Fixes #162 .
---
 github_backup/github_backup.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/github_backup/github_backup.py b/github_backup/github_backup.py
index b7b8916..0cb7d8d 100644
--- a/github_backup/github_backup.py
+++ b/github_backup/github_backup.py
@@ -15,6 +15,7 @@ import platform
 import re
 import select
 import socket
+import ssl
 import subprocess
 import sys
 import time
@@ -36,6 +37,18 @@ FNULL = open(os.devnull, "w")
 FILE_URI_PREFIX = "file://"
 logger = logging.getLogger(__name__)
 
+https_ctx = ssl.create_default_context()
+if not https_ctx.get_ca_certs():
+    import warnings
+    warnings.warn('\n\nYOUR DEFAULT CA CERTS ARE EMPTY.\n' +
+                  'PLEASE POPULATE ANY OF:' +
+                  ''.join([
+                    '\n - ' + x
+                    for x in ssl.get_default_verify_paths()
+                    if type(x) is str
+                  ]) + '\n', stacklevel=2)
+    import certifi
+    https_ctx = ssl.create_default_context(cafile=certifi.where())
 
 def logging_subprocess(
     popenargs, stdout_log_level=logging.DEBUG, stderr_log_level=logging.ERROR, **kwargs
@@ -666,7 +679,7 @@ def _get_response(request, auth, template):
     while True:
         should_continue = False
         try:
-            r = urlopen(request)
+            r = urlopen(request, context=https_ctx)
         except HTTPError as exc:
             errors, should_continue = _request_http_error(exc, auth, errors)  # noqa
             r = exc