From 89599a9541af14bcf906fc4ed58ccbdf403802ba Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Wed, 4 Dec 2024 11:29:09 +0000
Subject: [PATCH] Fix `verify=False`, `cert=...` case. (#3442)

---
 CHANGELOG.md     | 4 ++++
 httpx/_config.py | 7 +++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 060013b0f3..4f1233ef8b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## Dev
+
+* Fix SSL case where `verify=False` together with client side certificates.
+ 
 ## 0.28.0 (28th November, 2024)
 
 The 0.28 release includes a limited set of deprecations.
diff --git a/httpx/_config.py b/httpx/_config.py
index dbd2b46cd1..467a6c90ae 100644
--- a/httpx/_config.py
+++ b/httpx/_config.py
@@ -39,10 +39,9 @@ def create_ssl_context(
             # Default case...
             ctx = ssl.create_default_context(cafile=certifi.where())
     elif verify is False:
-        ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-        ssl_context.check_hostname = False
-        ssl_context.verify_mode = ssl.CERT_NONE
-        return ssl_context
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
     elif isinstance(verify, str):  # pragma: nocover
         message = (
             "`verify=<str>` is deprecated. "