Self-Signed Certificate instructions needs an update

[RafalSkolasinski]

Documented way of dealing with self signed certificates by setting CURL_CA_BUNDLE="" env variable will not work with requests from version 2.28.0 onward due to

Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)

PR psf/requests#6074 that addresses psf/requests#6071 effectively disables this workaround.

[lepture]

Hi @RafalSkolasinski, a PR for the documentation is welcome.

[benallard]

@lepture It's a bit more than just a documentation update, as the feature advertised does not work anymore, and there is no way to make it work as described. The proper solution would be to add support for passing parameters to requests, but I'm not sure if that's wished, as it can lead to insecure setups. In the meantime, the chapter from the doc should be removed. Should I submit a fix for that ?

[RafalSkolasinski]

I'm not sure if that's wished, as it can lead to insecure setups

That's why the flag is called insecure ;)

I forgot about this issue but may think about contributing PR to expose it

[benallard]

FYI, I got around the problem by installing pip-system-certs (Really, just adding it to my env, no modifications to my sourcecode).