Don't fail on user CA/CRL problems

The certificates might still be fine using the system trust store, or
the user can make an exception. So let's just log and continue on.

This got very common after 960c7d2 where we now always have a default
value for these settings.

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index df4b37b57abaca8fc12ab94ce68438df6b37e37e..c2d0b0b9260b713e749914e411698f8fd29271fa 100644 (file)
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -288,10 +288,10 @@ void CSecurityTLS::setParam()
       vlog.error("Could not load system certificate trust store");
 
     if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
-      throw AuthFailureException("load of CA cert failed");
+      vlog.error("Could not load user specified certificate authority");
 
     if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0)
-      throw AuthFailureException("load of CRL failed");
+      vlog.error("Could not load user specified certificate revocation list");
 
     if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_credentials_set failed");