Feature: log details about Certificates Authority bundle (#397)

docs/guides/howto_behind_proxy.md

@@ -4,6 +4,8 @@
 Only HTTP and HTTPS proxies are supported. No socks, no PAC.
 :::
 
+> See [Requests official documentation](https://docs.python-requests.org/en/latest/user/advanced/#proxies)
+
 ## Passing as CLI option
 
 - the proxy configuration is scoped to the QDT execution.
@@ -40,3 +42,30 @@ At the shell session scope:
 > $env:QDT_PROXY_HTTP='http://user:password@proxyserver.intra:8765'
 > qdt -vvv
 ```
+
+----
+
+## Defining custom SSL client certificates
+
+Using a proxy for https connections typically requires the local machine to trust the proxy’s root certificate.
+
+> See [Requests official documentation](https://docs.python-requests.org/en/latest/user/advanced/#ca-certificates)
+
+### Using `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE`
+
+Point to a certificat bundle file path (*.pem).
+
+#### Example on Windows PowerShell
+
+Only for the QDT command scope:
+
+```powershell
+$env:REQUESTS_CA_BUNDLE="$env:USERPROFILE\cacerts.pem"; qdt -vvv
+```
+
+At the shell session scope:
+
+```powershell
+> $env:REQUESTS_CA_BUNDLE="$env:USERPROFILE\cacerts.pem"
+> qdt -vvv
+```

qgis_deployment_toolbelt/utils/journalizer.py

@@ -16,6 +16,9 @@
 from socket import gethostname
 
 # 3rd party
+import certifi
+from requests.utils import DEFAULT_CA_BUNDLE_PATH
+
 # Imports depending on operating system
 if "linux" in uname().system.lower():
     import distro
@@ -131,6 +134,13 @@ def headers():
     else:
         logger.debug("No network proxies detected")
 
+    # SSL CA certificates
+    logger.debug(f"Installed certificate authority (CA) bundle: {certifi.where()}")
+    logger.debug(f"Default certificate authority (CA) bundle: {DEFAULT_CA_BUNDLE_PATH}")
+    logger.debug(
+        f"Certificate authority (CA) bundle to use: {getenv('REQUESTS_CA_BUNDLE', getenv('CURL_CA_BUNDLE'))}"
+    )
+
 
 def get_logger_filepath() -> Path | None:
     """Retrieve log filepath within logger handlers.