# SSL/TLS Certificate Verification

## Business Purpose

Ensure secure connections by verifying server certificates against trusted CA bundles, with support for custom CAs, client certificates, and environment variable configuration.

## Current Behaviors

- The `cert_verify` method on `HTTPAdapter` configures CA certificates and client certs on a connection (`src/requests/adapters.py:307`).
- If `verify` is `False`, `cert_reqs` is set to `CERT_NONE` (`src/requests/adapters.py:85`).
- If `verify` is a string path to a CA bundle or directory, it is used (`src/requests/adapters.py:85`).
- Client certificates are supported as a single file path or a tuple `(cert, key)` (`src/requests/adapters.py:85`).
- `merge_environment_settings` reads the `REQUESTS_CA_BUNDLE` and `CURL_CA_BUNDLE` environment variables (`src/requests/sessions.py:831`).
- `check_compatibility` in `__init__.py` validates the urllib3 version and dependency versions (`src/requests/__init__.py:60`).

## Technical Implementation

SSL context configuration is handled in `_urllib3_request_context` (`src/requests/adapters.py:85`) and `cert_verify`. The urllib3 pool manager receives these settings.

## Definition of Done

- Setting `verify=False` disables certificate verification.
- Setting `verify='/path/to/cabundle'` uses that CA bundle.
- Setting `cert=('/path/to/cert', '/path/to/key')` sends a client certificate.
- An SSL error (e.g., expired certificate) raises `SSLError`.
- Environment variable `REQUESTS_CA_BUNDLE` is respected.
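
The `verify` and environment-variable behaviors listed above can be modelled as a small audit helper that reports which trust anchors a request would end up with. This is an added example, not code from requests: `effective_tls_settings` and `DEFAULT_BUNDLE` are hypothetical names, it uses only the standard library, and it assumes that `REQUESTS_CA_BUNDLE` is consulted before `CURL_CA_BUNDLE` and only when `verify` was left at `True` or `None`.

```python
import os
import ssl

DEFAULT_BUNDLE = "<default CA bundle>"  # placeholder, not a real path


def effective_tls_settings(verify=None, trust_env=True, environ=None):
    """Model how a `verify` value resolves; returns (cert_reqs, ca_location, findings)."""
    environ = os.environ if environ is None else environ
    findings = []
    source = "call site"

    # Environment bundles are consulted only when verify was left at True/None.
    if trust_env and (verify is True or verify is None):
        for name in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
            if environ.get(name):
                verify, source = environ[name], name
                findings.append(f"trust anchors replaced by {name}={verify}")
                break
    if verify is None:
        verify = True

    if not verify:
        findings.append("certificate verification disabled (CERT_NONE)")
        return ssl.CERT_NONE, None, findings
    if verify is True:
        return ssl.CERT_REQUIRED, DEFAULT_BUNDLE, findings

    # A string must name an existing CA file or directory.
    if not os.path.exists(verify):
        raise OSError(f"CA bundle from {source} not found: {verify}")
    return ssl.CERT_REQUIRED, verify, findings


if __name__ == "__main__":
    # Constructed inputs: os.devnull stands in for an existing bundle path.
    cases = [
        {"verify": None, "environ": {}},
        {"verify": True, "environ": {"REQUESTS_CA_BUNDLE": os.devnull}},
        {"verify": False, "environ": {"REQUESTS_CA_BUNDLE": os.devnull}},
        {"verify": True, "trust_env": False, "environ": {"CURL_CA_BUNDLE": os.devnull}},
    ]
    for kwargs in cases:
        print(kwargs, "->", effective_tls_settings(**kwargs))
```

A non-empty findings list is the part worth logging at startup: it shows when the process environment, rather than the calling code, decided which CAs are trusted.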