ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs This will give PKI-secure behaviour out of the box, without any configuration. Setting web.cacerts to any value or empty will disable this trick. This dummy cert trick only works on OS X 10.6+, but 10.5 had Python 2.5 which didn't have certificate validation at all.

#!/usr/bin/env python

import errno, os, sys

for f in sys.argv[1:]:
    try:
        print f, '->', os.readlink(f)
    except OSError, err:
        if err.errno != errno.EINVAL:
            raise
        print f, 'not a symlink'

sys.exit(0)