Fix infinite loop when SSL_CERT_FILE is a directory #17503
Merged
zanieb merged 1 commit into astral-sh:main from Jan 16, 2026
When SSL_CERT_FILE points to a directory instead of a file, the code previously only checked if the path exists, which returns true for directories. This caused rustls-native-certs to attempt reading the directory as a certificate file, resulting in an infinite memory allocation loop. The fix validates that SSL_CERT_FILE is an actual file before enabling native TLS certificate loading, and provides a helpful warning message when the path is not a file. Closes astral-sh#17494
a7e6569 to
f13b44c
konstin approved these changes Jan 16, 2026
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Jan 27, 2026
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.9.26` → `0.9.27` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.9.27`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0927)

[Compare Source](astral-sh/uv@0.9.26...0.9.27)

Released on 2026-01-26.

##### Python

- Upgrade Pyodide to 0.29.2 ([#17652](astral-sh/uv#17652))
- Upgrade to GraalPy 25.0.2 ([#17634](astral-sh/uv#17634))

##### Enhancements

- Add `-t` shortform for `--target` to `uv pip` subcommands ([#17501](astral-sh/uv#17501))
- Add support for ROCm 7.0 and 7.1 accelerator backends ([#17681](astral-sh/uv#17681))
- Further improve free-threading ABI incompatibility errors ([#17491](astral-sh/uv#17491))
- Implement `uv pip freeze --exclude` flag ([#17045](astral-sh/uv#17045))
- Improve warnings for `--system` and `--no-system` in `uv venv` ([#17647](astral-sh/uv#17647))
- Make `uv pip compile` attempt to download a specified `--python-version` if it can. ([#17249](astral-sh/uv#17249))
- Support Trusted Publishing with pyx ([#17438](astral-sh/uv#17438))
- Fix JSON schema for `exclude-newer-package` ([#17665](astral-sh/uv#17665))

##### Preview features

- Better detection for conflicting packages ([#17623](astral-sh/uv#17623))
- Upgrade based on outdated build versions in `uv python upgrade` ([#17653](astral-sh/uv#17653))

##### Bug fixes

- Change chocolatey system test to ensure uv uses the right python ([#17533](astral-sh/uv#17533))
- Fix infinite loop when `SSL_CERT_FILE` is a directory ([#17503](astral-sh/uv#17503))

##### Documentation

- Add cargo-xwin to the CONTRIBUTING guide ([#17507](astral-sh/uv#17507))
- Fix typo in the documentation of UV\_PUBLISH\_INDEX ([#17672](astral-sh/uv#17672))
- Move MSRV to platform support section ([#17534](astral-sh/uv#17534))
- Update the testing instructions in the CONTRIBUTING guide ([#17528](astral-sh/uv#17528))
- Use `--locked` to install `cargo-xwin` in guide ([#17530](astral-sh/uv#17530))
- Warn about PyPy being unmaintained ([#17643](astral-sh/uv#17643))
- docs: Correct gitlab-ci.yml to .gitlab-ci.yml ([#17682](astral-sh/uv#17682))

##### Other changes

- Update MSRV to 1.91 ([#17677](astral-sh/uv#17677))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Closes #17494
See rustls/pki-types#98 for details.
I've posted an upstream fix rustls/pki-types#99 but given the severity I think we should defensively patch this here as well.
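
The check the description outlines, as an added example that is not uv's code or the upstream fix: an "exists" test accepts a directory, while a metadata check accepts only a regular file and gives the caller a reason to put in a warning. The names `validate_cert_file`, `CertPathError` and `exists_only` are hypothetical, and the scratch paths are constructed sample input.

```rust
use std::fs;
use std::path::{Path, PathBuf};

/// Why a configured certificate path was rejected (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum CertPathError {
    Empty,
    Inaccessible(PathBuf), // missing, or metadata could not be read
    NotAFile(PathBuf),     // directory, FIFO, device, ...
}

/// Validate an SSL_CERT_FILE value before passing it to a certificate loader.
pub fn validate_cert_file(value: &str) -> Result<PathBuf, CertPathError> {
    if value.is_empty() {
        return Err(CertPathError::Empty);
    }
    let path = Path::new(value);
    // fs::metadata follows symlinks, so a symlink to a directory is rejected too.
    match fs::metadata(path) {
        Ok(meta) if meta.is_file() => Ok(path.to_path_buf()),
        Ok(_) => Err(CertPathError::NotAFile(path.to_path_buf())),
        Err(_) => Err(CertPathError::Inaccessible(path.to_path_buf())),
    }
}

/// The weaker existence-only check: also true for directories.
pub fn exists_only(value: &str) -> bool {
    Path::new(value).exists()
}

fn main() {
    // Constructed sample input: a scratch directory with one placeholder file.
    let dir = std::env::temp_dir().join(format!("cert-check-{}", std::process::id()));
    fs::create_dir_all(&dir).unwrap();
    let file = dir.join("ca.pem");
    fs::write(&file, "placeholder, not a real certificate\n").unwrap();
    for candidate in [dir.clone(), file, dir.join("absent.pem")] {
        let value = candidate.to_string_lossy().into_owned();
        match validate_cert_file(&value) {
            Ok(p) => println!("using certificate file {}", p.display()),
            Err(e) => eprintln!(
                "warning: ignoring SSL_CERT_FILE: {:?} (exists() = {})",
                e,
                exists_only(&value)
            ),
        }
    }
    fs::remove_dir_all(&dir).ok();
}
```
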