Skip to content

automatically use system certs via truststore #1944

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
omenos wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

automatically use system certs via truststore #1944

omenos wants to merge 1 commit into from

Conversation

@omenos
Copy link

@omenos omenos commented Dec 16, 2025
edited
Loading

requests defaults to using the certificate trust provided by certifi, which precludes the inclusion of custom trusted certificates. Rather than needing to set the REQUESTS_CA_BUNDLE environment variable in every shell/config, use truststore to override the way certs are read and automatically use the system trust store.

This will only happen transparently in environments using Python >= 3.10 and is effectively a noop in any other scenario.

@omenos
Copy link
Author

omenos commented Dec 16, 2025

Copying over my comment from ansible-collections/vmware.vmware#295 after Mike noted the behavioral change:

I just did a quick check (on RHEL) and if SSL_CERT_FILE is specified, it will be used rather than the system store.

So it's a bit of a behavior reversal, rather than:

  • Default: certifi
  • REQUESTS_CA_BUNDLE: selected bundle

it becomes:

  • Default: system store via truststore
  • SSL_CERT_FILE: selected bundle

Whether or not this project views that as a breaking change is not something I can define.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@omenos