<blockquote>
<blockquote>
<p>On Linux there's usually a central cert-db, but not sure there's such on Windows.</p>
</blockquote>
<p>I'm pretty sure that's not true.</p>
</blockquote>
<p>Or it just depends on how you define "central cert-db". Usually there is a system-wide certificate store with common public root certificates, and this store is installed by a package called "ca-certificates" (or similar, depending on the distribution, e.g. <a href="https://packages.debian.org/buster/ca-certificates" rel="nofollow">https://packages.debian.org/buster/ca-certificates</a>).<br>
In short, there is no such thing as an automagically always-available store of certificates on Linux. It still must be installed and is the users' responsibility.</p>
<blockquote>
<blockquote>
<p>What's the recommended way to handle TLS validation on Windows?</p>
</blockquote>
<p>The recommended way is to do nothing. Just use the default GTlsDatabase. <a href="https://gitlab.gnome.org/GNOME/glib-networking/-/blob/master/tls/gnutls/gtlsdatabase-gnutls.c" rel="nofollow">That's implemented here</a> and it just uses GnuTLS's default trust store. Presumably that should work as expected on Windows.</p>
</blockquote>
<p>This is what I would doubt. Do you have any reference on this? The pasted link is just the code but I could not find any hint about included certificates. So I would assume "glib-networking" needs external certificate resources as well (which is totally fine IMO).</p>
<p>Anyway, for the Windows part: we ship the certificates from the "ca-certificates" package in the G-P Windows installer for the UpdateChecker plugin, but they can be used here as well: <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/geany/geany-plugins/commit/60116231db908cbf3666d1df114f5859a63592e3/hovercard" href="https://github.com/geany/geany-plugins/commit/60116231db908cbf3666d1df114f5859a63592e3"><tt>6011623</tt></a></p>
