If no certificate database is set, then the default database will be used. See [gio.tls_backend.TlsBackend.getDefaultDatabase].
When using a non-default database, #GDtlsConnection must fall back to using the #GTlsDatabase to perform certificate verification using [gio.tls_database.TlsDatabase.verifyChain], which means certificate verification will not be able to make use of TLS session context. This may be less secure. For example, if you create your own #GTlsDatabase that just wraps the default #GTlsDatabase, you might expect that you have not changed anything, but this is not true because you may have altered the behavior of #GDtlsConnection by causing it to use [gio.tls_database.TlsDatabase.verifyChain]. See the documentation of [gio.tls_database.TlsDatabase.verifyChain] for more details on specific security checks that may not be performed. Accordingly, setting a non-default database is discouraged except for specialty applications with unusual security requirements.