From 6fe96fa47300c6da0088d6209a2c3f90b0a3f8a1 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Mon, 1 Jul 2024 11:05:08 +0200
Subject: [PATCH] revocation_notifier: Explicitly add CA certificate bundle

This is a workaround for the regression added by `python-requests`
version `2.32.3`

Resolves: #1569

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
 keylime/revocation_notifier.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keylime/revocation_notifier.py b/keylime/revocation_notifier.py
index 112012b8f..5724af486 100644
--- a/keylime/revocation_notifier.py
+++ b/keylime/revocation_notifier.py
@@ -140,7 +140,7 @@ def worker_webhook(tosend: Dict[str, Any], url: str) -> None:
             for i in range(config.getint("verifier", "max_retries")):
                 next_retry = retry.retry_time(exponential_backoff, interval, i, logger)
                 try:
-                    response = session.post(url, json=tosend, timeout=5)
+                    response = session.post(url, json=tosend, timeout=5, verify=requests.utils.DEFAULT_CA_BUNDLE_PATH)
                     if response.status_code in [200, 202]:
                         break