diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -632,6 +632,25 @@
 
 
 class NetworkedTests(unittest.TestCase):
+    if sys.platform == 'darwin':
+        # Apple's installation of OpenSSL in /usr/lib is patched to
+        # integrate with Apple's KeyChain. OpenSSL will verify certificates
+        # using the CA roots that are part of the system and user keychains,
+        # unless that code is disabled using an environment variable.
+        #
+        # The setUp method below sets that environment variable to avoid
+        # spurious test failures on OSX machines that happen to have
+        # the CAcert.org root certificate in the Keychain.
+        #
+
+        def setUp(self):
+            self._orig_env = os.environ
+            os.environ = os.environ.copy()
+            self.addCleanup(lambda: setattr(os, 'environ', self._orig_env))
+
+            os.putenv('OPENSSL_X509_TEA_DISABLE', '1')
+            self.addCleanup(lambda: os.putenv('OPENSSL_X509_TEA_DISABLE', ''))
+
 
     def test_connect(self):
         with support.transient_internet("svn.python.org"):