Pixi 0.61 on conda-forge having issues verifying TLS

[millsks]

Checks

• I have checked that this issue has not already been reported.

• I have confirmed this bug exists on the latest version of pixi, using pixi --version.

Reproducible example

Commands I ran and their output:

pixi run -e <ENV_NAME> <TASK_NAME>

pixi.toml/pyproject.toml file that reproduces my issue:

Not able to supply

pixi info output:

Other files (e.g. script files, source files, etc.):

Issue description

Is anyone aware of an issue with Pixi on conda-forge having issues with verifying TLS? We have valid CA bundles and it fails only with Pixi. Same certs work with conda and pip. I even tried putting no-verify-tls=true and it still errored out with unknown issuer. I am working on getting the actual Pixi binary available on our pipeline, but for now I had to pin Pixi to 0.58 when it is being installed from conda-forge. These are Artifactory servers acting as proxies for conda-forge and the PyPI CDN servers.

Expected behavior

The Pixi install or any command that needs to resolve or install dependencies should honor the CA bundle currently configured or ignore TLS validation if the no-verify-tls option is set to true.

[tdejager]

ah that sounds like a bug we introduced, is there anything we can do to reproduce this that is publicly available?

[tdejager]

Created a PR that might fix this can you verify by building cargo b --no-default-features --features native-tls and see if this resolves things?