From 55673e5476f86ffae8969bfc3a47237f3eeb7720 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Mon, 3 Jul 2017 14:31:41 +0200
Subject: Do not error out, only warn if ca certificates are not available

This probably makes more sense if Verify-Peer is set to off.
---
 methods/connect.cc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'methods/connect.cc')

diff --git a/methods/connect.cc b/methods/connect.cc
index f90474059..d82d3d1a8 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -684,11 +684,11 @@ bool UnwrapTLS(std::string Host, std::unique_ptr<MethodFd> &Fd,
    if (fileinfo.empty())
    {
       // No CaInfo specified, use system trust store.
-      if ((err = gnutls_certificate_set_x509_system_trust(tlsFd->credentials)) <= 0)
-	 return _error->Error("Could not load system TLS certificates: %s",
-			      err == 0
-				  ? "No certificates available. Try installing ca-certificates."
-				  : gnutls_strerror(err));
+      err = gnutls_certificate_set_x509_system_trust(tlsFd->credentials);
+      if (err == 0)
+	 Owner->Warning("No system certificates available. Try installing ca-certificates.");
+      else if (err < 0)
+	 return _error->Error("Could not load system TLS certificates: %s", gnutls_strerror(err));
    }
    else
    {
-- 
cgit v1.2.3