The requests library defaults to using the certificates from the
certifi library when not otherwise specified. If I understand the
discussion at #8247 correctly, we should instead patch it so that it
follows the following priority order:
1. the path pointed to by the environment variable $NIX_SSL_CERT_FILE
2. /etc/ssl/certs/ca-certificates.crt
3. whatever it was doing before (in this case, using certifi)
This commit implements that.
The `dev` output is empty anyway.
The problem is that it interacts badly with other parts of python and
stdenv infrastructure. In particular, before this patch it installs
code into `out` output (with only generated `nix-support` in `dev`),
but `makePythonPath` then uses `propagatedBuildInputs` to generate
`PYTHONPATH` while stdenv selects `dev` outputs for
`propagatedBuiltInputs`. This results in `makePythonPath` linking to
the empty `dev` output in `PYTHONPATH`.
This reverts a piece of commit 28299f669a.
This allows the library to interact gracefully with additional certificates
users might have configured in /etc/ssl/certs/ca-certificates.crt via NixOS.