[glib-networking] Warn when performing certificate verification if server-identity is NULL



commit 412a9cff10b0d69f047038ec38a1007541346c10
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Fri Mar 27 16:07:08 2020 -0500

    Warn when performing certificate verification if server-identity is NULL
    
    It doesn't make sense for client connections to perform certificate
    verification if server-identity is NULL. The only reason this would ever
    not fail would be if the application is ignoring identity mismatches,
    which is always insecure. So if you're doing that, you deserve a
    warning. More likely, the programmer is just confused, and a warning
    will help.
    
    Failure to set server-identity stumped me for over an hour recently.
    Having a warning would have made the problem immediately obvious.
    
    Fixes #130

 tls/base/gtlsconnection-base.c | 3 +++
 1 file changed, 3 insertions(+)
---
diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
index 0e3240e..ba627a2 100644
--- a/tls/base/gtlsconnection-base.c
+++ b/tls/base/gtlsconnection-base.c
@@ -1241,6 +1241,9 @@ verify_peer_certificate (GTlsConnectionBase *tls,
   else
     peer_identity = g_dtls_client_connection_get_server_identity (G_DTLS_CLIENT_CONNECTION (tls));
 
+  if (is_client && !peer_identity)
+    g_warning ("GTlsClientConnection certificate verification will fail because its server-identity property 
is NULL. Fix your application!");
+
   errors = 0;
 
   database = g_tls_connection_get_database (G_TLS_CONNECTION (tls));
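
Review bot: The g_warning text added just before `errors = 0;` names GTlsClientConnection, but the unchanged else branch directly above it fills peer_identity from g_dtls_client_connection_get_server_identity, so the same message is emitted for DTLS clients and points the developer at the wrong type. Consider wording that covers both cases, or picking the type name per branch. The phrase "will fail" also does not hold for the case the commit message itself singles out: an application that ignores identity mismatches still gets a passing verification with a NULL server-identity, and that is the configuration where the warning matters most. Something like "cannot verify the server's identity because server-identity is NULL" would be accurate in both situations.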

