Remove hard certifi dependency and document.

2026-06-05 22:50:18 +00:00 · 2014-09-04 19:40:15 +01:00
parent 95161ed313
commit a77054f90f
2 changed files with 18 additions and 1 deletions
@@ -741,3 +741,20 @@ coffee.
    r = requests.get('https://github.com', timeout=None)

 .. _`connect()`: http://linux.die.net/man/2/connect
+
+CA Certificates
+---------------
+
+By default Requests bundles a set of root CAs that it trusts, sourced from the
+Mozilla trust store. However, these are only updated once for each Requests
+version. This means that if you pin a Requests version your certificates can
+become extremely out of date.
+
+From Requests version 2.4.0 onwards, Requests will attempt to use certificates
+from `certifi`_ if it is present on the system. This allows for users to update
+their trusted certificates without having to change the code that runs on their
+system.
+
+For the sake of security we recommend upgrading certifi frequently!
+
+.. _certifi: http://certifi.io/
@@ -25,7 +25,7 @@ packages = [
    'requests.packages.urllib3.packages.ssl_match_hostname',
 ]

-requires = ['certifi']
+requires = []

 with open('README.rst') as f:
    readme = f.read()