The verification process (basically setting requests verify=true) should default to true, but be exposed as a configuration option, with a warning to users that setting it to false is insecure. A second iteration might include links to how to fix this issue in a more secure way.
Along the same lines as this issue:
The verification process (basically setting requests verify=true) should default to true, but be exposed as a configuration option, with a warning to users that setting it to false is insecure. A second iteration might include links to how to fix this issue in a more secure way.