On Linux there's usually a central cert-db, but not sure there's such on Windows.

I'm pretty sure that's not true.

Or it just depends on how you define "central cert-db". Usually there is a system wide certificate store with common public root certificates and this store is installed by a package called "ca-certificates" (or similar, depending on the distribution, e.g. https://packages.debian.org/buster/ca-certificates).
In short, there is no such thing as an automagically always available store of certificates on Linux. It still must be installed and in the users' responsibility.

What's the recommended way to handle TLS validation on Windows?

The recommended way is to do nothing. Just use the default GTlsDatabase. That's implemented here and it just uses GnuTLS's default trust store. Presumably that should work as expected on Windows.

This is what I would doubt. Do you have any reference on this? The pasted link is just the code but I could not find any hint about included certificates. So I would assume "glib-networking" needs external certificate resources as well (which is totally fine IMO).

Anyway, for the Windows part: we ship the certificates from the "ca-certificates" package in the G-P Windows installer, for the UpdateChecker plugin but can be used here as well 6011623


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.