nixpkgs/pkgs/development/python-modules/certifi/env.patch
Martin Weinelt 8d7cc9cac9 python3Packages.certifi: use system ca-bundle
We update that one more reliably, and it ties in with module-based
configuration applied through `security.pki`.

Also allow overwriting the CA bundle used through `NIX_SSL_CERT_FILE`
as is common throughout nixpkgs.

Fixes: CVE-2022-23491
2022-12-08 16:14:23 +01:00

77 lines
2.5 KiB

diff --git a/certifi/core.py b/certifi/core.py
index de02898..3ec9147 100644
--- a/certifi/core.py
+++ b/certifi/core.py
@@ -4,6 +4,7 @@ certifi.py
This module returns the installation location of cacert.pem or its contents.
"""
+import os
import sys
@@ -12,7 +13,7 @@ if sys.version_info >= (3, 11):
from importlib.resources import as_file, files
_CACERT_CTX = None
- _CACERT_PATH = None
+ _CACERT_PATH = os.environ.get("NIX_SSL_CERT_FILE", None)
def where() -> str:
# This is slightly terrible, but we want to delay extracting the file
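Review bot: The added `_CACERT_PATH = os.environ.get("NIX_SSL_CERT_FILE", None)` reads the override once at import time and reuses the variable that `where()` appears to treat as its "already extracted" cache, so `where()` will hand the environment path straight back without any existence check; `where()`'s body continues outside this hunk, so that is inferred from the `return _CACERT_PATH` visible in the next hunk. A one-line comment above the assignment would make the precedence and failure mode explicit, e.g. `# NIX_SSL_CERT_FILE (set by nixpkgs / security.pki) overrides the bundled cacert.pem; read once at import. A path to a missing file surfaces as an error when the bundle is opened rather than silently falling back.` The same assignment is added in the 3.7 and pre-3.7 branches further down and would benefit from the same comment.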
@@ -39,14 +40,16 @@ if sys.version_info >= (3, 11):
return _CACERT_PATH
def contents() -> str:
- return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")
+ if _CACERT_PATH is not None:
+ return open(_CACERT_PATH, encoding="utf-8").read()
+ return files("certifi").joinpath("cacert.pem").read_text(encoding="utf-8")
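Review bot: `open(_CACERT_PATH, encoding="utf-8").read()` on the added line never closes the file handle explicitly, so it relies on CPython refcounting and emits a ResourceWarning under `-W error`; the identical pattern is added again in the 3.7 branch's `contents()` (the `@@ -74,7 +77,9 @@` hunk). The pre-3.7 branch at the end of this patch already uses a context manager, so the two earlier copies should match it: `with open(_CACERT_PATH, encoding="utf-8") as data:` / `return data.read()`. With that change an unreadable or missing `NIX_SSL_CERT_FILE` still surfaces as an OSError from `contents()` instead of falling back to the bundled cacert.pem, which is the behaviour this patch seems to intend and is worth stating in a comment.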
elif sys.version_info >= (3, 7):
from importlib.resources import path as get_path, read_text
_CACERT_CTX = None
- _CACERT_PATH = None
+ _CACERT_PATH = os.environ.get("NIX_SSL_CERT_FILE", None)
def where() -> str:
# This is slightly terrible, but we want to delay extracting the
@@ -74,7 +77,9 @@ elif sys.version_info >= (3, 7):
return _CACERT_PATH
def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+ if _CACERT_PATH is not None:
+ return open(_CACERT_PATH, encoding="utf-8").read()
+ return read_text("certifi", "cacert.pem", encoding="utf-8")
else:
import os
@@ -84,6 +89,8 @@ else:
Package = Union[types.ModuleType, str]
Resource = Union[str, "os.PathLike"]
+ _CACERT_PATH = os.environ.get("NIX_SSL_CERT_FILE", None)
+
# This fallback will work for Python versions prior to 3.7 that lack the
# importlib.resources module but relies on the existing `where` function
# so won't address issues with environments like PyOxidizer that don't set
@@ -102,7 +109,14 @@ else:
def where() -> str:
f = os.path.dirname(__file__)
+ if _CACERT_PATH is not None:
+ return _CACERT_PATH
+
return os.path.join(f, "cacert.pem")
def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+ if _CACERT_PATH is not None:
+ with open(_CACERT_PATH, encoding="utf-8") as data:
+ return data.read()
+
+ return read_text("certifi", "cacert.pem", encoding="utf-8")