diff options
author | Julian Andres Klode <jak@debian.org> | 2017-07-03 14:31:41 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2017-07-03 15:06:26 +0200 |
commit | 55673e5476f86ffae8969bfc3a47237f3eeb7720 (patch) | |
tree | f6f954ac2494a2ccc6310527b7b99bdb3b4fba3e | |
parent | a742bac161759e2b265a4d4d5f5527f6035d8e58 (diff) |
Do not error out, only warn if ca certificates are not available
This probably makes more sense if Verify-Peer is set to off.
-rw-r--r-- | methods/connect.cc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/methods/connect.cc b/methods/connect.cc index f90474059..d82d3d1a8 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -684,11 +684,11 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd, if (fileinfo.empty()) { // No CaInfo specified, use system trust store. - if ((err = gnutls_certificate_set_x509_system_trust(tlsFd->credentials)) <= 0) - return _error->Error("Could not load system TLS certificates: %s", - err == 0 - ? "No certificates available. Try installing ca-certificates." - : gnutls_strerror(err)); + err = gnutls_certificate_set_x509_system_trust(tlsFd->credentials); + if (err == 0) + Owner->Warning("No system certificates available. Try installing ca-certificates."); + else if (err < 0) + return _error->Error("Could not load system TLS certificates: %s", gnutls_strerror(err)); } else { |