From a0d1ec82c4cbfd06dbc1ae046471ad8c7802b2f8 Mon Sep 17 00:00:00 2001
From: Justin Workman <xtagon@gmail.com>
Date: Wed, 30 Sep 2015 11:30:01 -0700
Subject: [PATCH] Add ca_certs config option for setting custom CA cert path.

This was necessary to solve an issue on a Heroku deploy where the CA
default bundle was not being detected automatically.
---
 README.rst    | 2 ++
 pilbox/app.py | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/README.rst b/README.rst
index 938ba6d..5ef0bf8 100644
--- a/README.rst
+++ b/README.rst
@@ -127,6 +127,8 @@ To see a list of all available options, run
       --allowed_hosts            list of allowed hosts (default [])
       --allowed_operations       list of allowed operations (default [])
       --background               default hexadecimal bg color (RGB or ARGB)
+      --ca_certs                 filename of CA certificates in PEM format,
+                                 or None to use defaults
       --client_key               client key
       --client_name              client name
       --config                   path to configuration file
diff --git a/pilbox/app.py b/pilbox/app.py
index 3e23237..713f73c 100755
--- a/pilbox/app.py
+++ b/pilbox/app.py
@@ -59,6 +59,9 @@
 define("max_requests", help="max concurrent requests", type=int, default=40)
 define("timeout", help="request timeout in seconds", type=float, default=10)
 define("implicit_base_url", help="prepend protocol/host to url paths")
+define("ca_certs",
+       help="override filename of CA certificates in PEM format",
+       default=None)
 define("validate_cert", help="validate certificates", type=bool, default=True)
 define("proxy_host", help="proxy hostname")
 define("proxy_port", help="proxy port", type=int)
@@ -108,6 +111,7 @@ def __init__(self, **kwargs):
             max_requests=options.max_requests,
             timeout=options.timeout,
             implicit_base_url=options.implicit_base_url,
+            ca_certs=options.ca_certs,
             validate_cert=options.validate_cert,
             content_type_from_image=options.content_type_from_image,
             proxy_host=options.proxy_host,
@@ -183,6 +187,7 @@ def fetch_image(self):
             resp = yield client.fetch(
                 url,
                 request_timeout=self.settings.get("timeout"),
+                ca_certs=self.settings.get("ca_certs"),
                 validate_cert=self.settings.get("validate_cert"),
                 proxy_host=self.settings.get("proxy_host"),
                 proxy_port=self.settings.get("proxy_port"))