> > On Linux there's usually a central cert-db, but not sure there's such on > > Windows. > > I'm pretty sure that's not true.
Or it just depends on how you define "central cert-db". Usually there is a system wide certificate store with common public root certificates and this store is installed by a package called "ca-certificates" (or similar, depending on the distribution, e.g. https://packages.debian.org/buster/ca-certificates). In short, there is no such thing as an automagically always available store of certificates on Linux. It still must be installed and in the users' responsibility. > > What's the recommended way to handle TLS validation on Windows? > > The recommended way is to do nothing. Just use the default GTlsDatabase. > [That's implemented > here](https://gitlab.gnome.org/GNOME/glib-networking/-/blob/master/tls/gnutls/gtlsdatabase-gnutls.c) > and it just uses GnuTLS's default trust store. Presumably that should work > as expected on Windows. This is what I would doubt. Do you have any reference on this? The pasted link is just the code but I could not find any hint about included certificates. So I would assume "glib-networking" needs external certificate resources as well (which is totally fine IMO). Anyway, for the Windows part: we ship the certificates from the "ca-certificates" package in the G-P Windows installer, for the UpdateChecker plugin but can be used here as well https://github.com/geany/geany-plugins/commit/60116231db908cbf3666d1df114f5859a63592e3 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/geany/geany-plugins/issues/1078#issuecomment-861860312
