Currently the client does a handshake, but does nothing to verify the certificates from the server.
At the bare minimum, a call to gnutls_certificate_verify_peers2 should be made in TLSClient.cpp to verify the certificate, and gnutls_x509_crt_check_hostname should be used to check that the server's hostname matches the certificate.
Steps to reproduce:
Set up a client and a server.
Use a self-signed certificate on the server.
Supply the client with a DIFFERENT self-signed certificate to act as the trusted certificate.
Do a sync; the client will accept the certificate no matter what, as long as it has ANY certificate.
Reported by Scott Kroll on 2013-10-11T15:00:29Z.