aboutsummaryrefslogtreecommitdiffstats
path: root/common
diff options
context:
space:
mode:
authorPierre Ossman <ossman@cendio.se>2021-10-14 08:57:08 +0200
committerPierre Ossman <ossman@cendio.se>2021-10-14 08:57:08 +0200
commit37f3a8b47f0b17ea1c1cacaf5c048a0bada618d3 (patch)
tree85d6055768a7ee42a331ea99211adf8f57845c16 /common
parent468687f5d7f036b3e78e767b32d3b9b14a4b3b17 (diff)
downloadtigervnc-37f3a8b47f0b17ea1c1cacaf5c048a0bada618d3.tar.gz
tigervnc-37f3a8b47f0b17ea1c1cacaf5c048a0bada618d3.zip
Don't fail on user CA/CRL problems
The certificates might still be fine using the system trust store, or the user can make an exception. So let's just log and continue on. This got very common after 960c7d2 where we now always have a default value for these settings.
Diffstat (limited to 'common')
-rw-r--r--common/rfb/CSecurityTLS.cxx4
1 files changed, 2 insertions, 2 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index df4b37b5..c2d0b0b9 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -288,10 +288,10 @@ void CSecurityTLS::setParam()
vlog.error("Could not load system certificate trust store");
if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
- throw AuthFailureException("load of CA cert failed");
+ vlog.error("Could not load user specified certificate authority");
if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0)
- throw AuthFailureException("load of CRL failed");
+ vlog.error("Could not load user specified certificate revocation list");
if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_credentials_set failed");