From 55673e5476f86ffae8969bfc3a47237f3eeb7720 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 3 Jul 2017 14:31:41 +0200 Subject: Do not error out, only warn if ca certificates are not available This probably makes more sense if Verify-Peer is set to off. --- methods/connect.cc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'methods') diff --git a/methods/connect.cc b/methods/connect.cc index f90474059..d82d3d1a8 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -684,11 +684,11 @@ bool UnwrapTLS(std::string Host, std::unique_ptr &Fd, if (fileinfo.empty()) { // No CaInfo specified, use system trust store. - if ((err = gnutls_certificate_set_x509_system_trust(tlsFd->credentials)) <= 0) - return _error->Error("Could not load system TLS certificates: %s", - err == 0 - ? "No certificates available. Try installing ca-certificates." - : gnutls_strerror(err)); + err = gnutls_certificate_set_x509_system_trust(tlsFd->credentials); + if (err == 0) + Owner->Warning("No system certificates available. Try installing ca-certificates."); + else if (err < 0) + return _error->Error("Could not load system TLS certificates: %s", gnutls_strerror(err)); } else { -- cgit v1.2.3