would like the module/CLI to work in environments that validate client certificates and have their own certificate authority certs published for server cert validation on the client side (2-way SSL).

i'm happy to submit a PR on this but wanted to create an issue to track in case someone else has already looked at it. basically you just need to accept a string (and potentially convert to boolean for backward compat) for the ssl_verify attribute of the GitLab class which would pass the path of a CA cert list in PEM encoding to the requests module (as the verify parameter, as well as a certs parameter for requests which packs two values: the client cert and matching private key (both PEM encoded, unencrypted in the case of the private key).