[Github-comments] [geany/geany-plugins] geniuspaste plugin missing TLS certificate verification (#1078)

Michael Catanzaro notifications at xxxxx
Wed Jun 16 03:37:46 UTC 2021


> This is what I would doubt. Do you have any reference on this? The pasted link is just the code but I could not find any hint about included certificates. So I would assume "glib-networking" needs external certificate resources as well (which is totally fine IMO).

If you use the default GTlsDatabase, then you'll get the GnuTLS default trust store, which on Windows will be the Windows trust store. [The code for this is here.](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/system/certs.c)

Of course, you can always write your own GTlsDatabase if you want to do so, but that's only needed for unusual cases.

> Anyway, for the Windows part: we ship the certificates from the "ca-certificates" package in the G-P Windows installer, for the UpdateChecker plugin but can be used here as well [6011623](https://github.com/geany/geany-plugins/commit/60116231db908cbf3666d1df114f5859a63592e3)

Hm, I'm pretty sure GnuTLS is not going to use your ca-certificates trust store at all, not unless you configure it to do so when building GnuTLS. By default, it would prefer the Windows trust instead. You can force it to do what you want using the `--with-default-trust-store` configure flag when building GnuTLS.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany-plugins/issues/1078#issuecomment-862012342