From 585cf5e5b8cd86cb3b505acdae5e4b060b28bc2c Mon Sep 17 00:00:00 2001
From: Mike Hommey <mh@glandium.org>
Date: Thu, 26 Dec 2024 14:35:35 +0900
Subject: [PATCH] Use urlopen's context parameter instead of cafile

---
 src/taskgraph/run-task/fetch-content | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/taskgraph/run-task/fetch-content b/src/taskgraph/run-task/fetch-content
index adb320969..a02f50cd5 100755
--- a/src/taskgraph/run-task/fetch-content
+++ b/src/taskgraph/run-task/fetch-content
@@ -18,6 +18,7 @@ import os
 import pathlib
 import random
 import re
+import ssl
 import stat
 import subprocess
 import sys
@@ -190,9 +191,11 @@ def stream_download(url, sha256=None, size=None, headers=None):
         req_headers[key.strip()] = val.strip()
 
     req = urllib.request.Request(url, None, req_headers)
-    with urllib.request.urlopen(
-        req, timeout=60, cafile=certifi.where()
-    ) if certifi else urllib.request.urlopen(req, timeout=60) as fh:
+    kwargs = {}
+    if certifi:
+        ssl_context = ssl.create_default_context(cafile=certifi.where())
+        kwargs["context"] = context = ssl_context
+    with urllib.request.urlopen(req, timeout=60, **kwargs) as fh:
         if not url.endswith(".gz") and fh.info().get("Content-Encoding") == "gzip":
             fh = gzip.GzipFile(fileobj=fh)
         else: