Enable TLS native root toggling at runtime (#2362)

mirrors/uv

mirror of https://github.com/astral-sh/uv.git synced 2025-11-03 05:03:46 +00:00

## Summary

It turns out that on macOS, reading the native certificates can add
hundreds of milliseconds to client initialization. This PR makes
`--native-tls` a command-line flag, to toggle (at runtime) the choice of
the `webpki` roots or the native system roots.

You can't accomplish this kind of configuration with the `reqwest`
builder API, so instead, I pulled out the heart of that logic from the
crate
(e319263851/src/async_impl/client.rs (L498)),
and modified it to allow toggling a choice of root.

Note that there's an open PR for this in reqwest
(https://github.com/seanmonstar/reqwest/pull/1848), along with an issue
(https://github.com/seanmonstar/reqwest/issues/1843), which I may ping,
but it's been around for a while and I believe reqwest is focused on its
next major release.

Closes https://github.com/astral-sh/uv/issues/2346.

This commit is contained in:

Charlie Marsh

2024-03-11 21:05:49 -07:00

• committed by

GitHub

parent 1d21e65fbc

commit e9c16e9aa2

No known key found for this signature in database

GPG key ID: B5690EEEBB952194

11 changed files with 170 additions and 9 deletions

									
										1

crates/uv-client/src/lib.rs
									
										View file
										
				@ -16,3 +16,4 @@ mod middleware;

				mod registry_client;

				mod remote_metadata;

				mod rkyvutil;

				mod tls;

Rows
Columns

Enable TLS native root toggling at runtime (#2362)

1 crates/uv-client/src/lib.rs Unescape Escape View file

1

crates/uv-client/src/lib.rs

View file