Skip to content

gnutls: fix use of non-default GTlsDatabases

Michael Catanzaro requested to merge mcatanzaro/fix-geary into master

In d94c3313 I reworked how we do certificate verification. This was mostly good, but it included a major mistake: I assumed that the GTlsDatabase was always a GTlsDatabaseGnutls. This was incorrect because our API allows configuring an arbitrary GTlsDatabase. Let's fall back to the original behavior in this case. It won't be as secure -- there will be no certificate revocation or key usage checks -- but this is necessary to maintain compatibility with existing code that isn't doing anything wrong.

Fixes #169 (closed)

Merge request reports