diff options
author | Kenneth Reitz <me@kennethreitz.org> | 2014-09-05 08:11:57 -0700 |
---|---|---|
committer | Kenneth Reitz <me@kennethreitz.org> | 2014-09-05 08:11:57 -0700 |
commit | 359659cf4b9dbeeef1ed832501dc1f99b0f0beac (patch) | |
tree | 9a2763111c4a203ee06e0434a01fca762dde6fd0 | |
parent | 0df32de02d7e8e7481ac4afdab8a762b22b1d240 (diff) | |
parent | 9c6ae1dc0b6ade1dec2e8c3d5dcd8ef98398cb91 (diff) | |
download | python-requests-359659cf4b9dbeeef1ed832501dc1f99b0f0beac.tar.gz |
Merge pull request #2203 from Lukasa/remove_certifi
Remove hard certifi dependency and document.
-rw-r--r-- | docs/user/advanced.rst | 18 | ||||
-rwxr-xr-x | setup.py | 2 |
2 files changed, 19 insertions, 1 deletions
diff --git a/docs/user/advanced.rst b/docs/user/advanced.rst index d50921d4..d285c181 100644 --- a/docs/user/advanced.rst +++ b/docs/user/advanced.rst @@ -741,3 +741,21 @@ coffee. r = requests.get('https://github.com', timeout=None) .. _`connect()`: http://linux.die.net/man/2/connect + +CA Certificates +--------------- + +By default Requests bundles a set of root CAs that it trusts, sourced from the +`Mozilla trust store`_. However, these are only updated once for each Requests +version. This means that if you pin a Requests version your certificates can +become extremely out of date. + +From Requests version 2.4.0 onwards, Requests will attempt to use certificates +from `certifi`_ if it is present on the system. This allows for users to update +their trusted certificates without having to change the code that runs on their +system. + +For the sake of security we recommend upgrading certifi frequently! + +.. _certifi: http://certifi.io/ +.. _Mozilla trust store: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt @@ -27,7 +27,7 @@ packages = [ 'requests.packages.urllib3.packages.ssl_match_hostname', ] -requires = ['certifi'] +requires = [] with open('README.rst', 'r', 'utf-8') as f: readme = f.read() |