On 15 mar 2009, at 17.00, Dave Page <dpage@pgadmin.org> wrote:
> On Sun, Mar 15, 2009 at 2:51 PM, Magnus Hagander
> <magnus@hagander.net> wrote:
>> We've seen it here and Dave reported to me on IM that he has received
>> further reports of people getting stuck by the new 8.4 SSL code that
>> verifies server certificates by default.
>>
>> I think this will happen for example for everybody who has their pg
>> on a
>> debian server and their client elsewhere, for example, since debian
>> enables a snakeoil SSL cert by default (which in itself is a pretty
>> bad
>> idea, but it's what they do)
>>
>>
>> Should we provide an option to override this (connection option
>> sslverify) in the connection dialog? And is it something we need to
>> do
>> for this version (yes, I know it's already in beta..)
>
> There's support for this in libpq aready? If so, then please go ahead
> and fix pgAdmin :-)
Yes, that was part of the original patch. You can set to verify all
(never before, and default), verify ca (default before *if* the root
cert was there) or no verification at all.
> Note that the server connection diagloue is already pretty much at the
> maximum height, so any changes there will probably need to include
> splitting of the tabset.
Crap. That something we want to do between betas?
/Magnus
