Description
In the documentation we can read:

> Working with SSL_CERT_FILE and SSL_CERT_DIR
>
> Unlike requests, the httpx package does not automatically pull in [the environment variables SSL_CERT_FILE or SSL_CERT_DIR](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html). If you want to use these they need to be enabled explicitly.
In one of our applications I have used the SSL_CERT_FILE variable to point to the certificates in the container, which also include the company certificates, and it is picked up. (Confidential details are redacted.)
Relevant code seems to be in this part: https://github.com/encode/httpx/blob/master/httpx/_config.py#L34
Once I unset the variable the requests start to fail.
```
root@container:/opt/app/src# uv run --no-project --with httpx python3
Installed 7 packages in 32ms
Python 3.13.5 (main, Jul 1 2025, 05:26:47) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import httpx; httpx.get("...")
<Response [403 ]>
>>>
root@container:/opt/app/src# unset SSL_CERT_FILE
root@container:/opt/app/src# uv run --no-project --with httpx python3
Python 3.13.5 (main, Jul 1 2025, 05:26:47) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import httpx; httpx.get("...")
Traceback (most recent call last):
...
httpx.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1028)
```
I believe that the documentation should be fixed.
Given that client configuration is already covered at the top of the page (ssl.create_default_context), I think mentioning that those two variables can be used to configure all clients is the best way forward.
Looking forward to your reply. I have no issues with providing a change, but would like to hear your input before starting.
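
Since the behaviour reported above means these two variables can redirect certificate trust for every client in the process, a service can check at startup where they point before making any request. The following is an added example, not part of the issue or of httpx's code; it uses only the standard library, the helper names and the allowlist are hypothetical, and the file-before-directory precedence is an assumption.

```python
import os
import ssl

# Take the variable names from the linked OpenSSL build instead of
# hard-coding them; on standard builds these are SSL_CERT_FILE / SSL_CERT_DIR.
_PATHS = ssl.get_default_verify_paths()
CAFILE_ENV = _PATHS.openssl_cafile_env
CAPATH_ENV = _PATHS.openssl_capath_env


def trust_override(environ):
    """Return (variable, path) for the CA override that would apply, or None.

    Assumption: a non-empty file variable wins over the directory variable.
    """
    for var in (CAFILE_ENV, CAPATH_ENV):
        value = environ.get(var)
        if value:
            return var, value
    return None


def check_trust_override(environ, allowed_paths):
    """Fail closed if the environment points TLS trust at an unapproved location.

    `allowed_paths` is a hypothetical allowlist of CA bundles or directories
    that the deployment ships on purpose (for example a company CA bundle).
    """
    found = trust_override(environ)
    if found is None:
        return "default"  # no override: the client's built-in CA source applies
    var, path = found
    real = os.path.realpath(path)  # resolve symlinks before comparing
    approved = {os.path.realpath(p) for p in allowed_paths}
    if real not in approved:
        raise RuntimeError(f"{var}={path!r} is not an approved CA location")
    if not os.path.exists(real):
        raise RuntimeError(f"{var}={path!r} does not exist")
    return f"{var}:{real}"


if __name__ == "__main__":
    # Report what the current process environment would select.
    print(trust_override(os.environ))
```
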