Clarify the new default certificate behavior for pip

pypa · Jul 9, 2024 · 3ac2c6a · 3ac2c6a
1 parent 4ffafab
commit 3ac2c6a
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/docs/html/topics/https-certificates.md b/docs/html/topics/https-certificates.md
@@ -8,8 +8,7 @@
 
 By default, pip will perform SSL certificate verification for network
 connections it makes over HTTPS. These serve to prevent man-in-the-middle
-attacks against package downloads. Pip by default uses a bundled CA certificate
-store from {pypi}`certifi`.
+attacks against package downloads.
 
 ## Using a specific certificate store
 
@@ -37,6 +36,10 @@ flag to pip.
 
 ```{warning}
 If Python 3.9 or earlier is in use then only certifi is used to verify HTTPS connections.
+
+The system certificate store won't be used in this case, so some situations like proxies
+with their own certificates may not work. Upgrading to at least Python 3.10 or later is
+the recommended method to resolve this issue.
 ```
 
 [truststore github issue tracker]: