The Fix
Upgrade to version 0.7.3 or later.
Based on closed encode/httpx issue #3604 · PR/commit linked
Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.
@@ -2,6 +2,12 @@ Environment Variables
The HTTPX library can be configured via environment variables.
+Environment variables are used by default. To ignore environment variables, `trust_env` has to be set `False`.
+There are two ways to set `trust_env` to disable environment variables:
+
Option A — Upgrade to fixed release\nUpgrade to version 0.7.3 or later.\nWhen NOT to use: This fix is not applicable if the documentation is already accurate.\n\n
Why This Fix Works in Production
- Trigger: Docs are incorrect about SSL_CERT_FILE behavior
- Mechanism: Documentation incorrectly described the behavior of SSL_CERT_FILE and SSL_CERT_DIR environment variables
- Why the fix works: Added support for SSL_CERT_FILE and SSL_CERT_DIR environment variables in HTTPX. (first fixed release: 0.7.3).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- Documentation incorrectly described the behavior of SSL_CERT_FILE and SSL_CERT_DIR environment variables
- Production symptom (often without a traceback): Docs are incorrect about SSL_CERT_FILE behavior
Proof / Evidence
- GitHub issue: #3604
- Fix PR: https://github.com/encode/httpx/pull/307
- First fixed release: 0.7.3
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.75
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.72
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Confusingly, the changes to the "Environment Variables" page don't appear on the documentation site. Is publishing broken? https://www.python-httpx.org/environment_variables/”
“Ah, it was removed in a later version, that is disappointing: https://github.com/encode/httpx/pull/3022”
Failure Signature (Search String)
- Docs are incorrect about SSL_CERT_FILE behavior
- https://github.com/encode/httpx/blob/4fb9528c2f5ac000441c3634d297e77da23067cd/docs/advanced/ssl.md?plain=1#L74
Copy-friendly signature
Failure Signature
-----------------
Docs are incorrect about SSL_CERT_FILE behavior
https://github.com/encode/httpx/blob/4fb9528c2f5ac000441c3634d297e77da23067cd/docs/advanced/ssl.md?plain=1#L74
Error Message
Signature-only (no traceback captured)
Error Message
-------------
Docs are incorrect about SSL_CERT_FILE behavior
https://github.com/encode/httpx/blob/4fb9528c2f5ac000441c3634d297e77da23067cd/docs/advanced/ssl.md?plain=1#L74
What Broke
Users experienced confusion and incorrect behavior due to outdated documentation.
Why It Broke
Documentation incorrectly described the behavior of SSL_CERT_FILE and SSL_CERT_DIR environment variables
Fix Options (Details)
Option A — Upgrade to fixed release Safe default (recommended)
Upgrade to version 0.7.3 or later.
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/encode/httpx/pull/307
First fixed release: 0.7.3
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- This fix is not applicable if the documentation is already accurate.
Did This Fix Work in Your Case?
Quick signal helps us prioritize which fixes to verify and improve.
Prevention
- Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
- Upgrade behind a canary and run integration tests against the canary before 100% rollout.
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
Version Compatibility Table
| Version | Status |
|---|---|
| 0.7.3 | Fixed |
Related Issues
No related fixes found.
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.