Possibility to add tls_cacert on single intersphinx_mapping

[PhilippSelenium]

Is your feature request related to a problem? Please describe. Since our company network is behind a ca certificate proxy we need to add tls_cacerts = <path_to_company_ca_certificate> Which is then used for every request: https://github.com/sphinx-doc/sphinx/blob/e628afd5cd0c565f1e33abb01cac26180455182f/sphinx/util/requests.py#L98

But the problem is that this works i.e for python's official intersphinx file:

requests.get("https://docs.python.org/3.6", stream=True, timeout=30, headers={'User-Agent': 'Sphinx/2.3.1 requests/2.22.0 python/3.6.7'}, verify="/usr/local/share/ca-certificates/company_cert.crt") 

But throws an error for i.e grpc:

requests.get("https://grpc.github.io/grpc/python", stream=True, timeout=30, headers={'User-Agent': 'Sphinx/2.3.1 requests/2.22.0 python/3.6.7'}, verify="/usr/local/share/ca-certificates/company_cert.crt"

SSLError: HTTPSConnectionPool(host='grpc.github.io', port=443): Max retries exceeded with url: /grpc/python (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

Describe the solution you'd like Setting the ca certificate on a single intersphinx_mapping could solve this.

intersphinx_mapping = {'python': ('https://docs.python.org/3',
                                  (None, 'python-inv.txt'), "/usr/local/share/ca-certificates/company_cert.crt")}

Describe alternatives you've considered Setting tls_verify = False and

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) 

is a temporary workaround

Additional context Is this maybe even a python requests or urllib3 problem? Or docs.python.org choice of certificate? OpenSSL 1.1.1 11 Sep 2018

[tk0miya]

Are you requesting to enable or disable tls_cacerts to arbitrary hosts? I don't understand why it is needed, and I don't know this is common problem or not. AFAIK, there are no such feature on controlling TLS for each hosts in other OSS. So -1 for this.