From e6e4f6f6319b39ba3020f96d070b637054c04b6a Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Mon, 4 May 2026 13:59:49 +0900
Subject: feat(http): honor config.cafile and config.capath

Composer's config.cafile/config.capath were accepted by the config
command but ignored by every HTTP request. Centralize reqwest client
construction in mozart_core::http, pre-load the configured CA bundle
at startup, and route every callsite (registry, vcs drivers, diagnose,
self-update) through the shared builder so user-supplied roots are
actually used during HTTPS verification.
---
 crates/mozart/src/commands.rs | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'crates/mozart/src/commands.rs')

diff --git a/crates/mozart/src/commands.rs b/crates/mozart/src/commands.rs
index c648754..504e38d 100644
--- a/crates/mozart/src/commands.rs
+++ b/crates/mozart/src/commands.rs
@@ -254,6 +254,12 @@ pub async fn execute(cli: &Cli) -> anyhow::Result<()> {
         cli.no_ansi,
         cli.no_interaction,
     );
+
+    // Initialize HTTPS root certificates from `config.cafile` / `config.capath`
+    // before any command makes a network request.
+    let tls_opts = config_helpers::load_tls_options(cli);
+    mozart_core::http::init_tls_options(&tls_opts)?;
+
     let command = cli.command.as_ref().expect("command must be set");
     match command {
         Commands::About(args) => about::execute(args, cli, &console).await,
-- 
cgit v1.3.1