(I was interested in this because I was actually working on something similar recently: https://github.com/imbue-ai/latchkey. To avoid the certificates issue, this library uses a gateway approach instead of a proxy, i.e. clients call endpoints like "http(s)://gateway.url:port/gateway/https://api.github.com/..." which can be effectively hidden behind the "latchkey curl" invocation.)
i think requests is a tricky one, as it _should_ be supporting it already based on the PR [2], but looks like it was merged in the 3.x branch and idk where that is, release-wise.
there is also native TLS on linux (idk what exactly you call it); but
cp cert.pem /usr/local/share/ca-certificates/cert.pem && update-ca-certificates
[1] https://github.com/rustls/rustls-native-certs/issues/16#issu...
is when python 3.13 [1] introduced some stricter validations and the CASB issued certs were not compliant (missing AKI); which broke REQUESTS_CA_BUNDLE/SSL_CERT_FILE for us
[1] https://discuss.python.org/t/python-3-13-x-ssl-security-chan...