Normally, if tls_database is set (including if it was set via ssl_use_system_ca_file or ssl_ca_file), then libsoup will reject any certificate that is invalid (ie, expired) or that is not signed by one of the given CA certificates, and the Message will fail with the status SSL_FAILED.
If you set ssl_strict to false
, then all certificates will be accepted, and you will need to
call get_https_status to distinguish valid from invalid certificates.
(This can be used, eg, if you want to accept invalid certificates after giving some sort of warning.)
For a plain Session, if the session has no CA file or TLS database, and this property is
true
, then all certificates will be rejected. However, beware that the deprecated
Session subclasses (#SoupSessionAsync and SessionSync) have the opposite behavior:
if there is no CA file or TLS database, then all certificates are always accepted, and this property has no effect.