gnutls: set GTlsConnection:peer-certificate* even on error
authorDan Winship <danw@gnome.org>
Thu, 20 Oct 2011 20:59:04 +0000 (16:59 -0400)
committerDan Winship <danw@gnome.org>
Thu, 20 Oct 2011 21:13:16 +0000 (17:13 -0400)
Previously we were only setting peer-certificate and
peer-certificate-errors when the connection was accepted. Fix that and
set them on failure too.

tls/gnutls/gtlsconnection-gnutls.c

index c27aee7..32ae0e5 100644 (file)
@@ -916,29 +916,26 @@ handshake_internal (GTlsConnectionGnutls  *gnutls,
 
   if (peer_certificate)
     {
-      if (!G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->verify_peer (gnutls, peer_certificate, &peer_certificate_errors))
-       {
-         g_object_unref (peer_certificate);
-         g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
-                              _("Unacceptable TLS certificate"));
-         return FALSE;
-       }
-    }
+      gboolean accepted;
 
-  G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->finish_handshake (gnutls, ret == 0, error);
+      accepted = G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->verify_peer (gnutls, peer_certificate, &peer_certificate_errors);
 
-  if (ret == 0)
-    {
       gnutls->priv->peer_certificate = peer_certificate;
       gnutls->priv->peer_certificate_errors = peer_certificate_errors;
 
       g_object_notify (G_OBJECT (gnutls), "peer-certificate");
       g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
 
-      return TRUE;
+      if (!accepted)
+       {
+         g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
+                              _("Unacceptable TLS certificate"));
+         return FALSE;
+       }
     }
-  else
-    return FALSE;
+
+  G_TLS_CONNECTION_GNUTLS_GET_CLASS (gnutls)->finish_handshake (gnutls, ret == 0, error);
+  return (ret == 0);
 }
 
 static gboolean
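Review bot: With this change `gnutls->priv->peer_certificate` is assigned before the `if (!accepted)` check, so a non-NULL peer certificate no longer implies that `verify_peer` accepted it, and nothing in the hunk tells the next reader that. I would put a comment above the two assignments, for example `/* Stored even when verify_peer() rejects the certificate; a non-NULL peer_certificate does not mean the peer was accepted. */`, and repeat the caveat wherever the `peer-certificate` property is documented. The assignment also overwrites any earlier `priv->peer_certificate` without an unref. If the part of `handshake_internal` above this hunk (not visible here) does not clear the field first, a second handshake would leak the old object. It may also leave stale values in place when no certificate is obtained, which is worth checking against the full function body.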