Use capath instead of cafile for http tests

test/integration/targets/prepare_http_tests/handlers/main.yml

@@ -2,3 +2,11 @@
   pip:
     name: gssapi
     state: absent
+
+- name: Remove cacert from capath
+  file:
+    state: absent
+    path: "{{ capath.stdout }}/ansible-http-test.pem"
+
+- name: Unregister cacert
+  command: openssl rehash {{ capath.stdout }}

test/integration/targets/prepare_http_tests/tasks/default.yml

@@ -45,11 +45,20 @@
         return_content: true
       register: cacert_pem
 
-    - name: Locate cacert
-      command: '{{ ansible_python_interpreter }} -c "import ssl; print(ssl.get_default_verify_paths().cafile)"'
-      register: cafile_path
-
-    - name: Update cacert
-      blockinfile:
-        path: "{{ cafile_path.stdout_lines|first }}"
-        block: "{{ cacert_pem.content }}"
+    - name: Locate capath
+      command: '{{ ansible_python_interpreter }} -c "import ssl; print(ssl.get_default_verify_paths().capath)"'
+      register: capath
+
+    - name: Assert capath is set
+      assert:
+        that: capath.stdout
+
+    - name: Add cacert to capath
+      copy:
+        content: "{{ cacert_pem.content }}"
+        dest: "{{ capath.stdout }}/ansible-http-test.pem"
+      notify: Remove cacert from capath
+
+    - name: Register cacert
+      command: openssl rehash {{ capath.stdout }}
+      notify: Unregister cacert