diff options
author | Ben Bodenmiller <bbodenmiller@gmail.com> | 2021-01-19 17:54:22 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-19 17:54:22 -0800 |
commit | 98b3d19e5345c37f17ab67a714ec31abd8f5b668 (patch) | |
tree | e2be07d82d0960d2f00307d3e0f833dd43dc55e9 /docs | |
parent | 202bdfad64fc61353228c821c9deb5bbc697ab3c (diff) | |
download | pip-98b3d19e5345c37f17ab67a714ec31abd8f5b668.tar.gz |
Improve SSL Certificate Verification details
Diffstat (limited to 'docs')
-rw-r--r-- | docs/html/reference/pip_install.rst | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/docs/html/reference/pip_install.rst b/docs/html/reference/pip_install.rst index 1b5351326..9eedafd78 100644 --- a/docs/html/reference/pip_install.rst +++ b/docs/html/reference/pip_install.rst @@ -561,8 +561,14 @@ See the :ref:`pip install Examples<pip install Examples>`. SSL Certificate Verification ---------------------------- -Starting with v1.3, pip provides SSL certificate verification over https, to -prevent man-in-the-middle attacks against PyPI downloads. +Starting with v1.3, pip provides SSL certificate verification over HTTP, to +prevent man-in-the-middle attacks against PyPI downloads. This is handled by +`requests <https://pypi.org/project/requests/>`_ which by default uses a +bundled CA certificate store provided by +`certifi <https://pypi.org/project/certifi/>`_ and does not use the system +certificate store. This may by overridden by using ``--cert`` option or by +using ``REQUESTS_CA_BUNDLE`` or ``CURL_CA_BUNDLE`` `environment variables <https://requests.readthedocs.io/en/latest/user/advanced/#verification>`_ +supported by ``requests``. .. _`Caching`: |