Allow specifying a certificate bundle with TLDR_CERT (#243)

* .gitignore: ignore .envrc and .direnv/

* Add support for TLDR_CERT environmental variable

Setting TLDR_CERT will use that as the certificate bundle for updates

* Document TLDR_CERT in README

---------

Co-authored-by: Vítor Henrique <87824454+vitorhcl@users.noreply.github.com>
Co-authored-by: CleanMachine1 <78213164+CleanMachine1@users.noreply.github.com>
Co-authored-by: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>

Author: 4 people

.gitignore

@@ -114,6 +114,10 @@ ENV/
 env.bak/
 venv.bak/
 
+# direnv
+.envrc
+.direnv/
+
 # Spyder project settings
 .spyderproject
 .spyproject

README.md

@@ -137,6 +137,10 @@ For networks that sit behind a proxy, it may be necessary to disable SSL verific
 
 will disable SSL certificate inspection. This __should be avoided__ unless absolutely necessary.
 
+Alternatively, It is possible to use a different certificate store/bundle by setting:
+
+* `TLDR_CERT=/path/to/certificates.crt`
+
 ### Colors
 
 Values of the `TLDR_COLOR_x` variables may consist of three parts:

tldr.py

@@ -34,12 +34,16 @@
 USE_NETWORK = int(os.environ.get('TLDR_NETWORK_ENABLED', '1')) > 0
 USE_CACHE = int(os.environ.get('TLDR_CACHE_ENABLED', '1')) > 0
 MAX_CACHE_AGE = int(os.environ.get('TLDR_CACHE_MAX_AGE', 24*7))
+CAFILE = None if os.environ.get('TLDR_CERT', None) is None else \
+    Path(os.environ.get('TLDR_CERT')).expanduser()
 
 URLOPEN_CONTEXT = None
 if int(os.environ.get('TLDR_ALLOW_INSECURE', '0')) == 1:
     URLOPEN_CONTEXT = ssl.create_default_context()
     URLOPEN_CONTEXT.check_hostname = False
     URLOPEN_CONTEXT.verify_mode = ssl.CERT_NONE
+elif CAFILE:
+    URLOPEN_CONTEXT = ssl.create_default_context(cafile=CAFILE)
 
 OS_DIRECTORIES = {
     "android": "android",