Description of problem:
As reported and discussed upstream at https://github.com/psf/requests/issues/6726 , https://github.com/psf/requests/issues/6730 , and https://github.com/psf/requests/pull/6731 , requests 2.32.x (up to the latest, 2.32.3) has a couple of significant issues with certificate loading. There's a concurrency problem with multiple contexts with different certs, and custom contexts no longer have the system default trust bundle loaded into them (which has always been the case in the past, and which many consumers of requests rely on).

I ran into this via httpie not working - https://github.com/httpie/cli/issues/1583 . I've sent a patch for httpie to explicitly load the default certificates and backported that, so httpie is fixed now. But there could be many other things in Fedora that use custom SSL contexts via requests and are broken by that problem.

If upstream is not able to resolve this by Fedora 41 release, I think we should at least consider downgrading to 2.31.0. This is a decision a lot of projects are making upstream (for their dependency declarations consumed by pip etc) until upstream is able to sort this out; there's a general perception that the security issue 2.32.x fixed was not that serious in most contexts.

Version-Release number of selected component (if applicable):
2.32.3-3.fc41 etc.

How reproducible:
100%

Steps to Reproduce:
with httpie-3.2.2-15.fc41 or lower, try 'http get https://bodhi.fedoraproject.org/releases' (or any https URL).

Actual results:
http: error: SSLError: HTTPSConnectionPool(host='bodhi.fedoraproject.org', port=443): Max retries exceeded with url: (url) (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1020)'))) while doing a GET request to URL: (url)

Expected results:
Successful page retrieval

Additional info:
Sorry we didn't get to this before Fedora 41 was released. We didn't get any more reports other than this one, and we're looking closely at the proposed fix upstream, but we're not doing anything yet.
This looks like it's going to be the new upstream behaviour. Since we want to stick close to upstream in Fedora, we're not planning a downstream-only patch (that we would have to likely keep around forever). Closing as UPSTREAM as the issues are tracked there, and if there's a fix it'll get into Fedora.
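The workaround the report describes (explicitly loading the default certificates into a custom context), sketched as an added example for other consumers of requests that pass their own SSL context. This is not httpie's patch or code from requests; the names make_context, trust_store_is_empty, ContextAdapter and session_with_context are hypothetical.

```python
import ssl

import requests
from requests.adapters import HTTPAdapter


def make_context(load_defaults: bool) -> ssl.SSLContext:
    """Build a client context the way a requests consumer might.

    A bare SSLContext starts with an empty trust store: nothing is
    trusted until certificates are loaded into it explicitly.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # stand-in for any custom setting
    if load_defaults:
        # The explicit step: pull in the system default trust bundle.
        ctx.load_default_certs()
    return ctx


def trust_store_is_empty(ctx: ssl.SSLContext) -> bool:
    """True if no CA certificate is currently loaded into the context.

    CAs that live in a hashed capath directory are loaded lazily on
    first use, so they are not counted until a handshake needs them.
    """
    return ctx.cert_store_stats()["x509_ca"] == 0


class ContextAdapter(HTTPAdapter):
    """Transport adapter that hands a caller-built SSLContext to urllib3."""

    def __init__(self, ssl_context: ssl.SSLContext, **kwargs):
        # Must be set first: HTTPAdapter.__init__ calls init_poolmanager().
        self._ssl_context = ssl_context
        super().__init__(**kwargs)

    def init_poolmanager(self, *args, **kwargs):
        kwargs["ssl_context"] = self._ssl_context
        return super().init_poolmanager(*args, **kwargs)


def session_with_context(ctx: ssl.SSLContext) -> requests.Session:
    """Return a Session whose https:// requests use the given context."""
    session = requests.Session()
    session.mount("https://", ContextAdapter(ctx))
    return session
```

A context built with load_defaults=False keeps certificate verification on but has nothing to verify against, which is the condition behind the "unable to get local issuer certificate" error quoted in the report.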