2 files changed, 8 insertions, 3 deletions

diff --git a/changes/bug-3362_check-for-cacert-existence-before-use b/changes/bug-3362_check-for-cacert-existence-before-use
new file mode 100644
index 00000000..5f69f193
--- /dev/null
+++ b/changes/bug-3362_check-for-cacert-existence-before-use
@@ -0,0 +1 @@
+  o Verify cacert existence before using it. Closes bug #3362.
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index 723475b8..bf5938dc 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -29,7 +29,7 @@ from PySide import QtCore
 from leap.common.certs import get_digest
 from leap.common.files import check_and_fix_urw_only, get_mtime, mkdir_p
 from leap.common.check import leap_assert, leap_assert_type, leap_check
-from leap.config.providerconfig import ProviderConfig
+from leap.config.providerconfig import ProviderConfig, MissingCACert
 from leap.util.request_helpers import get_content
 from leap.util.constants import REQUEST_TIMEOUT
 from leap.services.abstractbootstrapper import AbstractBootstrapper
@@ -147,8 +147,12 @@ class ProviderBootstrapper(AbstractBootstrapper):
         if mtime:  # the provider.json exists
             provider_config = ProviderConfig()
             provider_config.load(provider_json)
-            uri = provider_config.get_api_uri() + '/provider.json'
-            verify = provider_config.get_ca_cert_path()
+            try:
+                verify = provider_config.get_ca_cert_path()
+                uri = provider_config.get_api_uri() + '/provider.json'
+            except MissingCACert:
+                # get_ca_cert_path fails if the certificate does not exists.
+                pass
 
         logger.debug("Requesting for provider.json... "
                      "uri: {0}, verify: {1}, headers: {2}".format(