[glib] GTlsCertificate: fix loading of bad certificate chains



commit 982d0e11d702ff49f69cb90cb65dd71ebd3df54d
Author: Dan Winship <danw gnome org>
Date:   Tue Oct 28 15:08:43 2014 -0400

    GTlsCertificate: fix loading of bad certificate chains
    
    g_tls_certificate_new_from_file() was only loading the complete chain
    if it was fully valid, but we only meant to be validating that it
    formed an actual chain (since the caller may be planning to ignore
    other errors).
    
    https://bugzilla.gnome.org/show_bug.cgi?id=729739

 gio/gtlscertificate.c |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)
---
diff --git a/gio/gtlscertificate.c b/gio/gtlscertificate.c
index 9e3faf2..81e072f 100644
--- a/gio/gtlscertificate.c
+++ b/gio/gtlscertificate.c
@@ -387,14 +387,14 @@ create_certificate_chain_from_list (GSList       *pem_list,
       pem = g_slist_next (pem);
     }
 
-  /* Verify the certificate chain and return NULL if it doesn't
-   * verify. */
+  /* Verify that the certificates form a chain. (We don't care at this
+   * point if there are other problems with it.)
+   */
   flags = g_tls_certificate_verify (cert, NULL, root);
-  if (flags)
+  if (flags & G_TLS_CERTIFICATE_UNKNOWN_CA)
     {
-      /* Couldn't verify the certificate chain, so unref it. */
-      g_object_unref (cert);
-      cert = NULL;
+      /* It wasn't a chain, it's just a bunch of unrelated certs. */
+      g_clear_object (&cert);
     }
 
   return cert;
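Review bot: The new comment above the `g_tls_certificate_verify (cert, NULL, root)` call says other problems are ignored, but it does not state the consequence for callers: a non-NULL return may now carry a chain that is expired, revoked or otherwise invalid. I would extend it with something like `/* NOTE: the returned chain is not validated; callers must still run g_tls_certificate_verify() before trusting it. */`, and repeat that in the public documentation of g_tls_certificate_new_from_file(), which the commit message names as the affected entry point. It is also worth confirming that every TLS backend reports a broken link as G_TLS_CERTIFICATE_UNKNOWN_CA rather than only another flag such as G_TLS_CERTIFICATE_GENERIC_ERROR, because that single bit is now the only thing that rejects a list of unrelated certificates. The body of create_certificate_chain_from_list starts before this hunk and its closing brace is outside it, so how `root` is chosen is not visible here.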

