Merge pull request #447 from Iamrodos/master

fix: Improve CA certificate detection with fallback chain

github_backup/github_backup.py

@@ -37,22 +37,33 @@ FNULL = open(os.devnull, "w")
 FILE_URI_PREFIX = "file://"
 logger = logging.getLogger(__name__)
 
+# Setup SSL context with fallback chain
 https_ctx = ssl.create_default_context()
-if not https_ctx.get_ca_certs():
+if https_ctx.get_ca_certs():
-    import warnings
+    # Layer 1: Certificates pre-loaded from system (file-based)
-
+    pass
-    warnings.warn(
+else:
-        "\n\nYOUR DEFAULT CA CERTS ARE EMPTY.\n"
+    paths = ssl.get_default_verify_paths()
-        + "PLEASE POPULATE ANY OF:"
+    if (paths.cafile and os.path.exists(paths.cafile)) or (
-        + "".join(
+        paths.capath and os.path.exists(paths.capath)
-            ["\n - " + x for x in ssl.get_default_verify_paths() if type(x) is str]
+    ):
-        )
+        # Layer 2: Cert paths exist, will be lazy-loaded on first use (directory-based)
-        + "\n",
+        pass
-        stacklevel=2,
+    else:
-    )
+        # Layer 3: Try certifi package as optional fallback
+        try:
             import certifi
 
             https_ctx = ssl.create_default_context(cafile=certifi.where())
+        except ImportError:
+            # All layers failed - no certificates available anywhere
+            sys.exit(
+                "\nERROR: No CA certificates found. Cannot connect to GitHub over SSL.\n\n"
+                "Solutions you can explore:\n"
+                "  1. pip install certifi\n"
+                "  2. Alpine: apk add ca-certificates\n"
+                "  3. Debian/Ubuntu: apt-get install ca-certificates\n\n"
+            )
 
 
 def logging_subprocess(

requirements.txt

@@ -1 +0,0 @@
-