Improve SSL Certificate Verification details

author: Ben Bodenmiller <bbodenmiller@gmail.com> 2021-01-19 17:54:22 -0800
committer: GitHub <noreply@github.com> 2021-01-19 17:54:22 -0800
commit: 98b3d19e5345c37f17ab67a714ec31abd8f5b668 (patch)
tree: e2be07d82d0960d2f00307d3e0f833dd43dc55e9 /docs
parent: 202bdfad64fc61353228c821c9deb5bbc697ab3c (diff)
download: pip-98b3d19e5345c37f17ab67a714ec31abd8f5b668.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/docs/html/reference/pip_install.rst b/docs/html/reference/pip_install.rst
index 1b5351326..9eedafd78 100644
--- a/docs/html/reference/pip_install.rst
+++ b/docs/html/reference/pip_install.rst
@@ -561,8 +561,14 @@ See the :ref:`pip install Examples<pip install Examples>`.
 SSL Certificate Verification
 ----------------------------
 
-Starting with v1.3, pip provides SSL certificate verification over https, to
-prevent man-in-the-middle attacks against PyPI downloads.
+Starting with v1.3, pip provides SSL certificate verification over HTTP, to
+prevent man-in-the-middle attacks against PyPI downloads. This is handled by
+`requests <https://pypi.org/project/requests/>`_ which by default uses a
+bundled CA certificate store provided by
+`certifi <https://pypi.org/project/certifi/>`_ and does not use the system
+certificate store. This may by overridden by using ``--cert`` option or by
+using ``REQUESTS_CA_BUNDLE`` or ``CURL_CA_BUNDLE`` `environment variables <https://requests.readthedocs.io/en/latest/user/advanced/#verification>`_
+supported by ``requests``.
 
 
 .. _`Caching`:
author	Ben Bodenmiller <bbodenmiller@gmail.com>	2021-01-19 17:54:22 -0800
committer	GitHub <noreply@github.com>	2021-01-19 17:54:22 -0800
commit	98b3d19e5345c37f17ab67a714ec31abd8f5b668 (patch)
tree	e2be07d82d0960d2f00307d3e0f833dd43dc55e9 /docs
parent	202bdfad64fc61353228c821c9deb5bbc697ab3c (diff)
download	pip-98b3d19e5345c37f17ab67a714ec31abd8f5b668.tar.gz