proper use of SSL certificate with Soup in javascript

Question

I would like to ask how to properly use Soup in gnome-shell extension with a certificate on the client site.

The snippet of my code looks like this:

const Soup = imports.gi.Soup;
const GObject = imports.gi.GObject;
const Gio = imports.gi.Gio;

const TlsDatabase = GObject.registerClass({
    Implements: [Gio.TlsFileDatabase],
    Properties: {
        'anchors': GObject.ParamSpec.override('anchors', Gio.TlsFileDatabase),
    },
}, class TlsDatabase extends Gio.TlsDatabase {});


let session = Soup.Session.new();
session.ssl_strict = true;
session.tls_database = new TlsDatabase({anchors: "path.pem"});;

• After the request, I always get Gio.TlsCertificateFlags.GENERIC_ERROR in the answer.
• Without setting session.tls_database, the error code is 3 and I did not find what does means. So something is happening and I suspect the TlsDatabase is not OK.
• Using session.ssl_strict = false , it works and I got my answer, but I would like to have a secure connection.
• Certificate and server site are OK, I have verified it with curl curl --ssl --cacert path.pem... . It works.

Edited:

• This error is shown: g_tls_database_verify_chain: assertion 'G_TLS_DATABASE_GET_CLASS (self)->verify_chain' failed

Thank you for any help.

Answer 1

You might have to implement vfunc_verify_chain() in your class. (It's not clear to me whether Gio.TlsDatabase provides no default implementation of this virtual function, or it does and this is a bug.)