Fix confusion between G_TLS_ERROR_BAD_CERTIFICATE and G_TLS_ERROR_HANDSHAKE
Documentation of G_TLS_ERROR_BAD_CERTIFICATE
says "A certificate could not be parsed." Documentation of G_TLS_ERROR_HANDSHAKE
says "The TLS handshake failed because the peer's certificate was not acceptable." But in reality, we use G_TLS_ERROR_BAD_CERTIFICATE
when a certificate is not accepted, and we never use G_TLS_ERROR_HANDSHAKE
for anything.
We have several options for handling this, and the best option isn't clear to me. I don't really like using G_TLS_ERROR_HANDSHAKE
to indicate a bad certificate, though, since it sounds too much like a problem with the handshake itself rather than the certificate. And I'm not sure if we can actually promise to distinguish between malformed certificates and unacceptable certificates, so not sure if we can just introduce a new error for that. Maybe leaving G_TLS_ERROR_HANDSHAKE
unused would be best.