trust_env
has diverging defaults between Client
and create_ssl_context
#1430
Labels
good first issue
Good for newcomers
user-experience
Ensuring that users have a good experience using the library
Right now there's a slight discrepancy for the default value of
trust_env
forhttpx.Client()
/httpx.AsyncClient()
andhttpx.create_ssl_context()
.trust_env=True
as a default.create_ssl_context
usestrust_env=None
as a default.In practice, it means that
Client()
has SSLKEYLOGFILE support enabled by default, whileClient(verify=create_ssl_context())
has it disabled — which is non-intuitive.Note that
create_ssl_context()
was introduced via #996, but the defaults pre-date that PR since it was already defined on the internalSSLConfig
class. Instead, the introduction oftrust_env=None
there actually dates back from #301 (SSLKEYLOGFILE
support). There was actually a conversation there about this, but it remained unresolved: #301 (comment)All references to
trust_env
useTrue
as the default. This inconsistency also makes #1302 a bit less intuitive, because:To be clear, this only affects
SSLKEYLOGFILE
support. NETRC support and env-based proxies are not affected since those are managed at the client-level, which already setstrust_env=True
.The text was updated successfully, but these errors were encountered: