mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-12-20 15:15:15 +01:00
Since https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/173, there is now a really surprising implication to using a non-default GTlsDatabase: your database could do nothing at all other than wrap the default database, which you would expect to result in no behavior changes, but in fact it causes fewer security checks to be performed during certificate verification. This is because certificate verification moved from GTlsDatabase to GTlsConnection, allowing for more security checks to be performed. But if using a non-default GTlsDatabase, we have to fall back to letting GTlsDatabase do the verification, as before. This is the best we can do. It's not a regression for applications, because it means applications get the previous pre-2.72 behavior. But it does mean that new security checks added in 2.72 are not applied, which is unfortunate, so we should warn developers about this.