[glib-networking] gnutls: set GTlsConnection:peer-certificate* even on error

[Dan Winship <danw src gnome org>]

commit 8ffd396d57ae929df3d125eafd6ee9f4dcf4614d
Author: Dan Winship <danw gnome org>
Date:   Thu Oct 20 16:59:04 2011 -0400

    gnutls: set GTlsConnection:peer-certificate* even on error
    
    Previously we were only setting peer-certificate and
    peer-certificate-errors when the connection was accepted. Fix that and
    set them on failure too.

 tls/gnutls/gtlsconnection-gnutls.c |   25 +++++++++++--------------
 1 files changed, 11 insertions(+), 14 deletions(-)
---
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index c27aee7..32ae0e5 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -916,29 +916,26 @@ handshake_internal (GTlsConnectionGnutls  *gnutls,
 
   if (peer_certificate)
     {
-      if (!G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->verify_peer (gnutls, peer_certificate, &peer_certificate_errors))
-	{
-	  g_object_unref (peer_certificate);
-	  g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-			       _("Unacceptable TLS certificate"));
-	  return FALSE;
-	}
-    }
+      gboolean accepted;
 
-  G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->finish_handshake (gnutls, ret == 0, error);
+      accepted = G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->verify_peer (gnutls, peer_certificate, &peer_certificate_errors);
 
-  if (ret == 0)
-    {
       gnutls->priv->peer_certificate = peer_certificate;
       gnutls->priv->peer_certificate_errors = peer_certificate_errors;
 
       g_object_notify (G_OBJECT (gnutls), "peer-certificate");
       g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
 
-      return TRUE;
+      if (!accepted)
+	{
+	  g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+			       _("Unacceptable TLS certificate"));
+	  return FALSE;
+	}
     }
-  else
-    return FALSE;
+
+  G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->finish_handshake (gnutls, ret == 0, error);
+  return (ret == 0);
 }
 
 static gboolean