From 52dc376f117f41e6b600cdf54a591a66af6c9cc8 Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Thu, 14 Oct 2021 08:57:08 +0200 Subject: [PATCH] Don't fail on user CA/CRL problems The certificates might still be fine using the system trust store, or the user can make an exception. So let's just log and continue on. This got very common after 960c7d2 where we now always have a default value for these settings. (cherry picked from commit 37f3a8b47f0b17ea1c1cacaf5c048a0bada618d3) --- common/rfb/CSecurityTLS.cxx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index be70c559..d0af1410 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -288,10 +288,10 @@ void CSecurityTLS::setParam() vlog.error("Could not load system certificate trust store"); if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0) - throw AuthFailureException("load of CA cert failed"); + vlog.error("Could not load user specified certificate authority"); if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0) - throw AuthFailureException("load of CRL failed"); + vlog.error("Could not load user specified certificate revocation list"); if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS) throw AuthFailureException("gnutls_credentials_set failed"); -- 2.39.5