Skip to content

fix: use global config tls setting with self-update#5119

Merged
baszalmstra merged 1 commit intomainfrom
claude/fix-issue-5117-013RaVFEroSRyvPmDgcj7MQU
Dec 12, 2025
Merged

fix: use global config tls setting with self-update#5119
baszalmstra merged 1 commit intomainfrom
claude/fix-issue-5117-013RaVFEroSRyvPmDgcj7MQU

Conversation

@tdejager
Copy link
Contributor

@tdejager tdejager commented Dec 12, 2025

The latest_version() function was calling reqwest_client_builder(None) which doesn't load global configuration and defaults to using webpki bundled certificates. This caused the version check to fail with TLS errors for users who have configured tls-root-certs = "native" for corporate firewall compatibility.

The fix loads the global config using Config::load_global() and passes it to reqwest_client_builder(), consistent with how build_reqwest_clients() handles the None case.

Description

Fixes #5117

How Has This Been Tested?

Not sure how to test this I would hope the OP of the issue couid give it a try.

AI Disclosure

  • This PR contains AI-generated content.
    • I have tested any AI-generated content in my PR.
    • I take responsibility for any AI-generated content in my PR.

Tools: Opus 4.5

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added sufficient tests to cover my changes.
  • I have verified that changes that would impact the JSON schema have been made in schema/model.py.

@claude
fix: respect TLS settings in pixi self-update version check
c3fc76c 
The `latest_version()` function was calling `reqwest_client_builder(None)`
which doesn't load global configuration and defaults to using webpki
bundled certificates. This caused the version check to fail with TLS errors
for users who have configured `tls-root-certs = "native"` for corporate
firewall compatibility.

The fix loads the global config using `Config::load_global()` and passes it
to `reqwest_client_builder()`, consistent with how `build_reqwest_clients()`
handles the None case.

Fixes #5117
@tdejager tdejager changed the title Fix issue 5117 transfer tls setting with self-update Dec 12, 2025
@tdejager tdejager changed the title transfer tls setting with self-update fix: transfer tls setting with self-update Dec 12, 2025
@tdejager tdejager changed the title fix: transfer tls setting with self-update fix: use global config tls setting with self-update Dec 12, 2025
@tdejager
Copy link
Contributor Author

tdejager commented Dec 12, 2025

@baszalmstra should we merge it to main and have OP test from there?

@baszalmstra baszalmstra merged commit f0fb195 into main Dec 12, 2025
38 of 40 checks passed
@baszalmstra baszalmstra deleted the claude/fix-issue-5117-013RaVFEroSRyvPmDgcj7MQU branch December 12, 2025 11:16
@BrewTestBot BrewTestBot mentioned this pull request Dec 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfv wolfv wolfv approved these changes

@baszalmstra baszalmstra baszalmstra approved these changes

@ruben-arts ruben-arts Awaiting requested review from ruben-arts

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

pixi self-update not using custom TLS settings?

4 participants

@tdejager @wolfv @baszalmstra @claude