mirror of
https://github.com/kennethreitz/requests3.git
synced 2026-06-05 23:10:16 +00:00
0c14e84c82
Python PEP 476 (Enabling certificate verification by default for stdlib http clients) recommends the use of the SSL_CERT_FILE and SSL_CERT_DIR environment variables to point the OpenSSL library used by Python to a specific non-default bundle of trusted CA certificates.

https://www.python.org/dev/peps/pep-0476/#trust-database

These variables could not have been used to point scripts using requests to a different CA bundle. A different variable, REQUESTS_CA_BUNDLE, is read by requests. CURL_CA_BUNDLE is also used for compatibility with cURL.

This commit makes requests also look at SSL_CERT_FILE and SSL_CERT_DIR. They are handled as equivalent to REQUESTS_CA_BUNDLE.

As REQUESTS_CA_BUNDLE can point to either a certificate file or a certificate directory, SSL_CERT_* can also point to a file or a directory. There's no attempt to ensure SSL_CERT_FILE can only point to a file and SSL_CERT_DIR to a directory. This is similar to how CURL_CA_BUNDLE is handled: requests allows it to specify a certificate directory, while cURL only allows it to specify a certificate file.

Fixes requests issue #2899: https://github.com/kennethreitz/requests/issues/2899
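
An added example, not part of the commit or of the requests code base: a small audit helper that reports which of the four variables named in the commit message would override the trust store in the current environment, and whether each points at a file, a directory or nothing. The lookup order in `CA_ENV_VARS` and the function names are assumptions; the commit message does not say which variable wins when several are set.

```python
import os

# Assumed lookup order. The commit message says the SSL_CERT_* variables are
# treated as equivalent to REQUESTS_CA_BUNDLE but gives no precedence.
CA_ENV_VARS = ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE", "SSL_CERT_FILE", "SSL_CERT_DIR")


def classify(path):
    """Report what a CA path points at; either a file or a directory is accepted."""
    if os.path.isfile(path):
        return "file"
    if os.path.isdir(path):
        return "directory"
    return "missing"


def audit(environ):
    """List every trust-store override that is set, in lookup order.

    Seeing all of them at once exposes conflicting settings and dangling paths.
    """
    findings = []
    for name in CA_ENV_VARS:
        path = environ.get(name)
        if path:  # unset and empty values are both ignored
            findings.append((name, path, classify(path)))
    return findings


def resolve_ca_bundle(environ):
    """Return (variable, path, kind) for the override that takes effect, or None.

    None means no override is present and the client's default bundle applies.
    """
    findings = audit(environ)
    return findings[0] if findings else None


if __name__ == "__main__":
    print("effective override:", resolve_ca_bundle(os.environ))
    for name, path, kind in audit(os.environ):
        note = "  <-- path does not exist" if kind == "missing" else ""
        print(f"{name}={path} ({kind}){note}")
```

Running it in a CI job or container entrypoint shows whether an inherited SSL_CERT_FILE or SSL_CERT_DIR is silently replacing the CA bundle the application was expected to trust.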