From d5cf3b8246855443dff2e73e6835995698b3f3c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Fri, 5 Aug 2016 16:37:33 +0200
Subject: [PATCH] Moved TLS cert file to post() call instead of session.

Another way to make it work is to set it on the session, and explicitly
specify verify=True in the post() call.
---
 pillar/api/blender_id.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pillar/api/blender_id.py b/pillar/api/blender_id.py
index c9db2962..57568017 100644
--- a/pillar/api/blender_id.py
+++ b/pillar/api/blender_id.py
@@ -167,12 +167,12 @@ def validate_token(user_id, token, oauth_subclient_id):
     # Retry a few times when POSTing to BlenderID fails.
     # Source: http://stackoverflow.com/a/15431343/875379
     s = requests.Session()
-    s.verify = current_app.config['TLS_CERT_FILE']
     s.mount(blender_id_endpoint(), HTTPAdapter(max_retries=5))
 
     # POST to Blender ID, handling errors as negative verification results.
     try:
-        r = s.post(url, data=payload, timeout=5)
+        r = s.post(url, data=payload, timeout=5,
+                   verify=current_app.config['TLS_CERT_FILE'])
     except requests.exceptions.ConnectionError as e:
         log.error('Connection error trying to POST to %s, handling as invalid token.', url)
         return None, None