| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Re: Support for sslverify |
| Date: | 2009-03-16 08:03:39 |
| Message-ID: | E46762F0-1B3F-4700-9583-8FCC29424A29@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
On 15 mar 2009, at 17.00, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> On Sun, Mar 15, 2009 at 2:51 PM, Magnus Hagander
> <magnus(at)hagander(dot)net> wrote:
>> We've seen it here and Dave reported to me on IM that he has received
>> further reports of people getting stuck by the new 8.4 SSL code that
>> verifies server certificates by default.
>>
>> I think this will happen for example for everybody who has their pg
>> on a
>> debian server and their client elsewhere, for example, since debian
>> enables a snakeoil SSL cert by default (which in itself is a pretty
>> bad
>> idea, but it's what they do)
>>
>>
>> Should we provide an option to override this (connection option
>> sslverify) in the connection dialog? And is it something we need to
>> do
>> for this version (yes, I know it's already in beta..)
>
> There's support for this in libpq aready? If so, then please go ahead
> and fix pgAdmin :-)
Yes, that was part of the original patch. You can set to verify all
(never before, and default), verify ca (default before *if* the root
cert was there) or no verification at all.
> Note that the server connection diagloue is already pretty much at the
> maximum height, so any changes there will probably need to include
> splitting of the tabset.
Crap. That something we want to do between betas?
/Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | svn | 2009-03-16 08:16:06 | SVN Commit by guillaume: r7706 - trunk/pgadmin3/i18n/zh_CN |
| Previous Message | Quan Zongliang | 2009-03-16 05:48:21 | Re: some items in .po file |