Document configuring uv with self signed certificates

[jschwe]

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificate.crt

This allows uv to work behind e.g. company proxies that use self signed certificates.

uv doesn't really provide a helpful error message, so it would probably be helpful if we documented this, e.g. by putting it in a FAQ or common issues section.

[mukilan]

This native-tls configuration option has been mentioned in one of the issues in uv repo related to certificate paths. Does this help your case as well?

[jschwe]

That's a good point - I haven't tried yet, but I guess it should work. IMHO using native-tls by default would be a good choice anyway (since the OS certificates are updated by the OS, while uv may be updated infrequently) - If others agree, perhaps we could switch configure uv to use native-tls by default in servo?

[mukilan]

The only concern I have about turning on native-tls in servo is that the documentation mentions potential performance degradation on macOS.

improves portability and performance (especially on macOS).

I can't test on macOS, but I don't notice any difference on my on my linux machine. I'll try to test on Windows as well.

[jschwe]

I can try it out on macos later. astral-sh/uv#2362 says that the slowdown can be in the order of hundreds of milliseconds.
Do we have any scripts that recursively involve uv often enough that it would be noticable? At least for mach build / install / check etc. I can't imagine something in that order of magnitude to be noticable for us compared to the actual runtime of the scripts.