Skip to content

Commit 652f051

Browse files
tobb10001lovelydinosaur
tobb10001
and
lovelydinosaur
authored
Documentation for SSL_CERT_FILE and SSL_CERT_DIR (#3579)
Co-authored-by: Kim Christie <[email protected]>
1 parent 3fee278 commit 652f051

File tree

2 files changed

+27
-13
lines changed

2 files changed

+27
-13
lines changed

docs/advanced/ssl.md

Lines changed: 1 addition & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -71,19 +71,7 @@ client = httpx.Client(verify=ctx)
7171

7272
### Working with `SSL_CERT_FILE` and `SSL_CERT_DIR`
7373

74-
Unlike `requests`, the `httpx` package does not automatically pull in [the environment variables `SSL_CERT_FILE` or `SSL_CERT_DIR`](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html). If you want to use these they need to be enabled explicitly.
75-
76-
For example...
77-
78-
```python
79-
# Use `SSL_CERT_FILE` or `SSL_CERT_DIR` if configured.
80-
# Otherwise default to certifi.
81-
ctx = ssl.create_default_context(
82-
cafile=os.environ.get("SSL_CERT_FILE", certifi.where()),
83-
capath=os.environ.get("SSL_CERT_DIR"),
84-
)
85-
client = httpx.Client(verify=ctx)
86-
```
74+
`httpx` does respect the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables by default. For details, refer to [the section on the environment variables page](../environment_variables.md#ssl_cert_file).
8775

8876
### Making HTTPS requests to a local server
8977

docs/environment_variables.md

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,3 +51,29 @@ python -c "import httpx; httpx.get('http://example.com')"
5151
python -c "import httpx; httpx.get('http://127.0.0.1:5000/my-api')"
5252
python -c "import httpx; httpx.get('https://www.python-httpx.org')"
5353
```
54+
55+
## `SSL_CERT_FILE`
56+
57+
Valid values: a filename
58+
59+
If this environment variable is set then HTTPX will load
60+
CA certificate from the specified file instead of the default
61+
location.
62+
63+
Example:
64+
65+
```console
66+
SSL_CERT_FILE=/path/to/ca-certs/ca-bundle.crt python -c "import httpx; httpx.get('https://example.com')"
67+
```
68+
69+
## `SSL_CERT_DIR`
70+
71+
Valid values: a directory following an [OpenSSL specific layout](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_load_verify_locations.html).
72+
73+
If this environment variable is set and the directory follows an [OpenSSL specific layout](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_load_verify_locations.html) (ie. you ran `c_rehash`) then HTTPX will load CA certificates from this directory instead of the default location.
74+
75+
Example:
76+
77+
```console
78+
SSL_CERT_DIR=/path/to/ca-certs/ python -c "import httpx; httpx.get('https://example.com')"
79+
```

0 commit comments

Comments
 (0)