From 94a9588bcc2d6396f76cc5f7467d31f22c8b3791 Mon Sep 17 00:00:00 2001
From: Jonathan Schwender <55576758+jschwe@users.noreply.github.com>
Date: Wed, 16 Apr 2025 13:47:49 +0200
Subject: [PATCH] uv: Use native-tls (#36564)

uv by default uses baked in webpki certificates.
Using the system certificates is preferable for multiple reasons:

- OS updates will automatically update the certificates (including
revoking)
- Supports custom certificates installed on the system (corporate
networks)

uv does not enable this option by default, because it has a performance
overhead on macos.
In our scenarios, with long-running commands, the overhead is basically
not measurable.
I've been using the option on my mac for around 1 month now, without
noticing any degradation.

See also the previous discussion in
https://github.com/servo/book/issues/53 for some background.

Testing: We use `uv` in all our tests

Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
---
 uv.toml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 uv.toml

diff --git a/uv.toml b/uv.toml
new file mode 100644
index 00000000000..5af84e6cfda
--- /dev/null
+++ b/uv.toml
@@ -0,0 +1 @@
+native-tls = true