From 809241b89b24484728ad99acb69e1c16a2f5da3e Mon Sep 17 00:00:00 2001 From: Amandeep vishwkarma Date: Fri, 15 May 2026 12:06:24 +0530 Subject: [PATCH] docs: clarify verify parameter defaults and behavior --- src/requests/api.py | 3 ++- src/requests/sessions.py | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/requests/api.py b/src/requests/api.py index eeb3b54d7f..b9a12d1a6e 100644 --- a/src/requests/api.py +++ b/src/requests/api.py @@ -50,7 +50,8 @@ def request( :param proxies: (optional) Dictionary mapping protocol to the URL of the proxy. :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path - to a CA bundle to use. Defaults to ``True``. + to a CA bundle to use. Defaults to ``True``. Passing a boolean value will also + ignore any custom CA bundle set globally. :param stream: (optional) if ``False``, the response content will be immediately downloaded. :param cert: (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair. :return: :class:`Response ` object diff --git a/src/requests/sessions.py b/src/requests/sessions.py index feaf34053a..dcf88dc8df 100644 --- a/src/requests/sessions.py +++ b/src/requests/sessions.py @@ -606,7 +606,9 @@ def request( content. Defaults to ``False``. :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path - to a CA bundle to use. Defaults to ``True``. When set to + to a CA bundle to use. Defaults to ``None``, in which case the value from + ``self.verify`` is used. Passing a boolean value will also reset the CA bundle + to the default. When set to ``False``, requests will accept any TLS certificate presented by the server, and will ignore hostname mismatches and/or expired certificates, which will make your application vulnerable to