Use cert_reqs=CERT_REQUIRED by default (#1507)

author: Seth Michael Larson <sethmichaellarson@gmail.com> 2019-01-25 13:15:37 -0600
committer: GitHub <noreply@github.com> 2019-01-25 13:15:37 -0600
commit: 4325867d1ae0d139a11c8689c2d2a5ba2c666c83 (patch)
tree: 0e6123db733dc9ed0f798026f5f3673f50a23edc /docs
parent: 799f50d70720accd2343905ce8225062b8b099fe (diff)
download: urllib3-4325867d1ae0d139a11c8689c2d2a5ba2c666c83.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index 11c94f3e..a63af086 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@@ -202,11 +202,15 @@ recommended to set the ``Content-Type`` header::
 Certificate verification
 ------------------------
 
-It is highly recommended to always use SSL certificate verification.
-**By default, urllib3 does not verify HTTPS requests**.
+ .. note:: *New in version 1.25*
 
-In order to enable verification you will need a set of root certificates. The easiest
-and most reliable method is to use the `certifi <https://certifi.io/>`_ package which provides Mozilla's root certificate bundle::
+    HTTPS connections are now verified by default (``cert_reqs = 'CERT_REQUIRED'``).
+
+While you can disable certification verification, it is highly recommend to leave it on.
+
+Unless otherwise specified urllib3 will try to load the default system certificate stores.
+The most reliable cross-platform method is to use the `certifi <https://certifi.io/>`_
+package which provides Mozilla's root certificate bundle::
 
     pip install certifi
author	Seth Michael Larson <sethmichaellarson@gmail.com>	2019-01-25 13:15:37 -0600
committer	GitHub <noreply@github.com>	2019-01-25 13:15:37 -0600
commit	4325867d1ae0d139a11c8689c2d2a5ba2c666c83 (patch)
tree	0e6123db733dc9ed0f798026f5f3673f50a23edc /docs
parent	799f50d70720accd2343905ce8225062b8b099fe (diff)
download	urllib3-4325867d1ae0d139a11c8689c2d2a5ba2c666c83.tar.gz