From f207d463907af898fb15ce2cfcedbebdf70fecfe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Snoen?= <bjornsnoen@users.noreply.github.com>
Date: Fri, 4 Sep 2020 13:54:20 +0200
Subject: [PATCH] Allow using environment cacert file (#38816)

---
 homeassistant/util/ssl.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/homeassistant/util/ssl.py b/homeassistant/util/ssl.py
index 719910987e8..7b987d8eeb2 100644
--- a/homeassistant/util/ssl.py
+++ b/homeassistant/util/ssl.py
@@ -1,4 +1,5 @@
 """Helper to create SSL contexts."""
+from os import environ
 import ssl
 
 import certifi
@@ -6,9 +7,12 @@ import certifi
 
 def client_context() -> ssl.SSLContext:
     """Return an SSL context for making requests."""
-    context = ssl.create_default_context(
-        purpose=ssl.Purpose.SERVER_AUTH, cafile=certifi.where()
-    )
+
+    # Reuse environment variable definition from requests, since it's already a requirement
+    # If the environment variable has no value, fall back to using certs from certifi package
+    cafile = environ.get("REQUESTS_CA_BUNDLE", certifi.where())
+
+    context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)
     return context