
Investigate (bad?) interaction between custom certificates and truststore #13514

@ichard26

Based on the discussion of the updates in #13186, I think there is an issue (but not a regression) here that extends outside the build steps.

Specifically, there is some edge case to passing in session.verify = {cert_path} when those certs fail to verify but truststore succeeds in verifying. I'm not sure exactly what the edge case is, though, as I can't reproduce it (perhaps the same certificate authority exists in both locations but the one in the path is expired?).

My guess is the broader solution is:

  1. When passed a certificate path truststore should extend the SSL context from that not from certifi
  2. When truststore is used pip should set session.verify = True not session.verify = options.cert (or nothing, I assume True is default?)

@sethmlarson do you have any input here? (edit: whoops, I didn't mean to ping you again, sorry!)

Originally posted by @notatallshaw in #13195 (comment)
