Default to using the CA store

Depends on slixmpp!209.

This prevents us from having to manually add every single
ca-certificates paths out there. It does allow users still to use their
custom CA.

Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>

data/default_config.cfg

@@ -84,8 +84,8 @@ certificate =
 # keep the same for obvious reasons, so this is a good option if your server
 # does this, rather than skipping all verifications.
 # This is not affected by ignore_certificate
-# Poezio attempts to guess this value automatically. Set to override this
-# behaviour, to the empty string for example, or to another path.
+# Poezio attempts to guess this value automatically if empty. To override this
+# behaviour, set the value to another path.
 #ca_cert_path =
 
 # Auto-reconnects you when you get disconnected from the server

poezio/config.py

@@ -30,16 +30,6 @@ ConfigDict = Dict[str, Dict[str, ConfigValue]]
 
 USE_DEFAULT_SECTION = '__DEFAULT SECTION PLACEHOLDER__'
 
-CA_CERT_DEFAULT_PATHS = {
-    '/etc/ssl/cert.pem',
-    '/etc/ssl/certs/ca-certificates.crt',
-    '/etc/ssl/certs/ca-bundle.crt',
-    '/etc/pki/tls/certs/ca-bundle.crt',
-    '/etc/ssl/certs/ca-certificates.crt',
-    '/etc/ca-certificates/extracted/tls-ca-bundle.pem',
-    '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
-}
-
 DEFAULT_CONFIG: ConfigDict = {
     'Poezio': {
         'ack_message_receipts': True,
@@ -51,7 +41,7 @@ DEFAULT_CONFIG: ConfigDict = {
         'autorejoin_delay': '5',
         'autorejoin': False,
         'beep_on': 'highlight private invite disconnect',
-        'ca_cert_path': ':'.join(CA_CERT_DEFAULT_PATHS),
+        'ca_cert_path': '',
         'certificate': '',
         'certfile': '',
         'ciphers': 'HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL',