Thread: Patch to support SSL certificate connections

Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Hi,

This patch adds support to specify SSL certificate files and to connect
according to those.

It's pretty straightforward: four file pickers to handle on dlgServer,
and changes in the connection code to add those parameters in the
connection string.

Comments?


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
> Hi,
>
> This patch adds support to specify SSL certificate files and to connect
> according to those.
>
> It's pretty straightforward: four file pickers to handle on dlgServer,
> and changes in the connection code to add those parameters in the
> connection string.
>

A screenshot attached so that you can see the UI without building pgAdmin :)

Comments?


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Attachment

Re: Patch to support SSL certificate connections

From
Dave Page
Date:
On Thu, Jan 20, 2011 at 10:08 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>> Hi,
>>
>> This patch adds support to specify SSL certificate files and to connect
>> according to those.
>>
>> It's pretty straightforward: four file pickers to handle on dlgServer,
>> and changes in the connection code to add those parameters in the
>> connection string.
>>
>
> A screenshot attached so that you can see the UI without building pgAdmin :)

I think the SSL tab should come before Advanced (I think Advanced
should always be last, except where there's a SQL tab).

Also, what's with the inconsistent text/artwork on the buttons?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: Patch to support SSL certificate connections

From
Magnus Hagander
Date:
On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>> Hi,
>>
>> This patch adds support to specify SSL certificate files and to connect
>> according to those.
>>
>> It's pretty straightforward: four file pickers to handle on dlgServer,
>> and changes in the connection code to add those parameters in the
>> connection string.
>>
>
> A screenshot attached so that you can see the UI without building pgAdmin :)
>
> Comments?

I would move root cert up before the others. Also CRL.

Root cert and CRL are about validating the *server* certificate. Key
and cert file are about SSL authentication of the *client* (thus
*client* certificates). They should definitely be in that order -
perhaps even grouped with a headline?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 21/01/2011 10:15, Dave Page a écrit :
> On Thu, Jan 20, 2011 at 10:08 PM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>> Hi,
>>>
>>> This patch adds support to specify SSL certificate files and to connect
>>> according to those.
>>>
>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>> and changes in the connection code to add those parameters in the
>>> connection string.
>>>
>>
>> A screenshot attached so that you can see the UI without building pgAdmin :)
>
> I think the SSL tab should come before Advanced (I think Advanced
> should always be last, except where there's a SQL tab).
>

Done.

> Also, what's with the inconsistent text/artwork on the buttons?
>

What do you mean?


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 21/01/2011 10:17, Magnus Hagander a écrit :
> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>> Hi,
>>>
>>> This patch adds support to specify SSL certificate files and to connect
>>> according to those.
>>>
>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>> and changes in the connection code to add those parameters in the
>>> connection string.
>>>
>>
>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>
>> Comments?
>
> I would move root cert up before the others. Also CRL.
>
> Root cert and CRL are about validating the *server* certificate. Key
> and cert file are about SSL authentication of the *client* (thus
> *client* certificates). They should definitely be in that order -
> perhaps even grouped with a headline?
>

Done for moving widgets. Not sure grouped widgets could make sense here.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Dave Page
Date:
On Sat, Jan 22, 2011 at 12:33 AM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> Le 21/01/2011 10:15, Dave Page a écrit :
> Done.
>
>> Also, what's with the inconsistent text/artwork on the buttons?
>>

The first browse button has no leading icon, and the text:

(No...

The second has an icon, and:

ro...

The third has an icon and:

...

The fourth has no icon, and:

(No...

It's ugly, inconsistent and, well, useless.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

SSL certificate connections + smartcard

From
Jean-Michel Pouré - GOOZE
Date:
Le mercredi 19 janvier 2011 à 00:35 +0100, Guillaume Lelarge a écrit :
> This patch adds support to specify SSL certificate files and to
> connect
> according to those.

Dear Guillaume, Dave and other pgAdmin developers;

I would be glad to offer you a Feitian PKI + reader if you are intested
in securing a connection using a smartcard or a security token.

Our solutions rely on OpenSC free software, with frameworks for Windows,
GNU/Linux and Mac OS.

To apply, just register here:
http://www.gooze.eu/feitian-pki-free-software-developer-card

The doc about the smartcard is here:
http://www.gooze.eu/howto/smartcard-quickstarter-guide
http://www.gooze.eu/tutorials

You should be able to use libp11 to offer PKCS#11 support in pgAdmin:
http://www.opensc-project.org/libp11

Kind regards;
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu


Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 22/01/2011 09:00, Dave Page a écrit :
> On Sat, Jan 22, 2011 at 12:33 AM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>> Le 21/01/2011 10:15, Dave Page a écrit :
>> Done.
>>
>>> Also, what's with the inconsistent text/artwork on the buttons?
>>>
>
> The first browse button has no leading icon, and the text:
>
> (No...
>
> The second has an icon, and:
>
> ro...
>
> The third has an icon and:
>
> ...
>
> The fourth has no icon, and:
>
> (No...
>
> It's ugly, inconsistent and, well, useless.
>

Yeah, this is fixed. See my next mail to answer Magnus' question.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>> Hi,
>>>>
>>>> This patch adds support to specify SSL certificate files and to connect
>>>> according to those.
>>>>
>>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>>> and changes in the connection code to add those parameters in the
>>>> connection string.
>>>>
>>>
>>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>>
>>> Comments?
>>
>> I would move root cert up before the others. Also CRL.
>>
>> Root cert and CRL are about validating the *server* certificate. Key
>> and cert file are about SSL authentication of the *client* (thus
>> *client* certificates). They should definitely be in that order -
>> perhaps even grouped with a headline?
>>
>
> Done for moving widgets. Not sure grouped widgets could make sense here.
>

Here is what I finally managed to do. Comments?


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Attachment

Re: Patch to support SSL certificate connections

From
Dave Page
Date:
On Thu, Jan 27, 2011 at 9:56 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
>> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>>> Hi,
>>>>>
>>>>> This patch adds support to specify SSL certificate files and to connect
>>>>> according to those.
>>>>>
>>>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>>>> and changes in the connection code to add those parameters in the
>>>>> connection string.
>>>>>
>>>>
>>>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>>>
>>>> Comments?
>>>
>>> I would move root cert up before the others. Also CRL.
>>>
>>> Root cert and CRL are about validating the *server* certificate. Key
>>> and cert file are about SSL authentication of the *client* (thus
>>> *client* certificates). They should definitely be in that order -
>>> perhaps even grouped with a headline?
>>>
>>
>> Done for moving widgets. Not sure grouped widgets could make sense here.
>>
>
> Here is what I finally managed to do. Comments?

Why the change from the standard layout used everywhere else?



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: Patch to support SSL certificate connections

From
Ashesh Vashi
Date:
Hi Guillaume,

I think - you've used wxStaticBox here.
If I am not wrong, please consider this patch for testing on osx.
I've faced an issue in recent past with the wxStaticBox related to mouse & keyboard events pass to the components the components under it on osx.

--
Thanks & Regards,


Ashesh Vashi
EnterpriseDB INDIA:
Enterprise PostgreSQL Company

 

http://www.linkedin.com/in/asheshvashi



On Fri, Jan 28, 2011 at 3:26 AM, Guillaume Lelarge <guillaume@lelarge.info> wrote:
Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>> Hi,
>>>>
>>>> This patch adds support to specify SSL certificate files and to connect
>>>> according to those.
>>>>
>>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>>> and changes in the connection code to add those parameters in the
>>>> connection string.
>>>>
>>>
>>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>>
>>> Comments?
>>
>> I would move root cert up before the others. Also CRL.
>>
>> Root cert and CRL are about validating the *server* certificate. Key
>> and cert file are about SSL authentication of the *client* (thus
>> *client* certificates). They should definitely be in that order -
>> perhaps even grouped with a headline?
>>
>
> Done for moving widgets. Not sure grouped widgets could make sense here.
>

Here is what I finally managed to do. Comments?


--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers


Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 28/01/2011 02:11, Dave Page a écrit :
> On Thu, Jan 27, 2011 at 9:56 PM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>> Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
>>> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>>>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>>>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>>>> Hi,
>>>>>>
>>>>>> This patch adds support to specify SSL certificate files and to connect
>>>>>> according to those.
>>>>>>
>>>>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>>>>> and changes in the connection code to add those parameters in the
>>>>>> connection string.
>>>>>>
>>>>>
>>>>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>>>>
>>>>> Comments?
>>>>
>>>> I would move root cert up before the others. Also CRL.
>>>>
>>>> Root cert and CRL are about validating the *server* certificate. Key
>>>> and cert file are about SSL authentication of the *client* (thus
>>>> *client* certificates). They should definitely be in that order -
>>>> perhaps even grouped with a headline?
>>>>
>>>
>>> Done for moving widgets. Not sure grouped widgets could make sense here.
>>>
>>
>> Here is what I finally managed to do. Comments?
>
> Why the change from the standard layout used everywhere else?
>

Because Magnus asked for that kind of design? (grouped with a headline)
I actually also tried with a wxStaticLine but it seems to need a fixed size.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Hi Ashesh,

Le 28/01/2011 04:58, Ashesh Vashi a écrit :
> [...]
> I think - you've used wxStaticBox here.

Actually, it's a wxStaticBoxSizer. Not sure if it matters.

> If I am not wrong, please consider this patch for testing on osx.
> I've faced an issue in recent past with the wxStaticBox related to mouse &
> keyboard events pass to the components the components under it on osx.
>

Will be hard. I still cannot have a good build on osx.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Ashesh Vashi
Date:
Hi Guillaume,

On Fri, Jan 28, 2011 at 12:57 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote:
Hi Ashesh,

Le 28/01/2011 04:58, Ashesh Vashi a écrit :
> [...]
> I think - you've used wxStaticBox here.

Actually, it's a wxStaticBoxSizer. Not sure if it matters.
It does.
I was using the wxStaticBoxSizer only and that uses wxStaticBox.
It won't work. :-(


> If I am not wrong, please consider this patch for testing on osx.
> I've faced an issue in recent past with the wxStaticBox related to mouse &
> keyboard events pass to the components the components under it on osx.
>

Will be hard. I still cannot have a good build on osx.
Send me the patch.
I will spend some time on weekends.


--
Thanks & Regards,


Ashesh Vashi
EnterpriseDB INDIA:
Enterprise PostgreSQL Company

 

http://www.linkedin.com/in/asheshvashi

 


--

Re: Patch to support SSL certificate connections

From
Dave Page
Date:
On Fri, Jan 28, 2011 at 7:25 AM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> Le 28/01/2011 02:11, Dave Page a écrit :
>> On Thu, Jan 27, 2011 at 9:56 PM, Guillaume Lelarge
>> <guillaume@lelarge.info> wrote:
>>> Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
>>>> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>>>>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>>>>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>>>>> Hi,
>>>>>>>
>>>>>>> This patch adds support to specify SSL certificate files and to connect
>>>>>>> according to those.
>>>>>>>
>>>>>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>>>>>> and changes in the connection code to add those parameters in the
>>>>>>> connection string.
>>>>>>>
>>>>>>
>>>>>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>>>>>
>>>>>> Comments?
>>>>>
>>>>> I would move root cert up before the others. Also CRL.
>>>>>
>>>>> Root cert and CRL are about validating the *server* certificate. Key
>>>>> and cert file are about SSL authentication of the *client* (thus
>>>>> *client* certificates). They should definitely be in that order -
>>>>> perhaps even grouped with a headline?
>>>>>
>>>>
>>>> Done for moving widgets. Not sure grouped widgets could make sense here.
>>>>
>>>
>>> Here is what I finally managed to do. Comments?
>>
>> Why the change from the standard layout used everywhere else?
>>
>
> Because Magnus asked for that kind of design? (grouped with a headline)

He suggested it, but that doesn't mean it has to be done. If we're
going to break the property dialog design guidelines and start laying
things out in new formats we need to be *really* careful to avoid
getting in an inconsistent mess.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 28/01/2011 09:21, Dave Page a écrit :
> On Fri, Jan 28, 2011 at 7:25 AM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>> Le 28/01/2011 02:11, Dave Page a écrit :
>>> On Thu, Jan 27, 2011 at 9:56 PM, Guillaume Lelarge
>>> <guillaume@lelarge.info> wrote:
>>>> Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
>>>>> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>>>>>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>>>>>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> This patch adds support to specify SSL certificate files and to connect
>>>>>>>> according to those.
>>>>>>>>
>>>>>>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>>>>>>> and changes in the connection code to add those parameters in the
>>>>>>>> connection string.
>>>>>>>>
>>>>>>>
>>>>>>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>>>>>>
>>>>>>> Comments?
>>>>>>
>>>>>> I would move root cert up before the others. Also CRL.
>>>>>>
>>>>>> Root cert and CRL are about validating the *server* certificate. Key
>>>>>> and cert file are about SSL authentication of the *client* (thus
>>>>>> *client* certificates). They should definitely be in that order -
>>>>>> perhaps even grouped with a headline?
>>>>>>
>>>>>
>>>>> Done for moving widgets. Not sure grouped widgets could make sense here.
>>>>>
>>>>
>>>> Here is what I finally managed to do. Comments?
>>>
>>> Why the change from the standard layout used everywhere else?
>>>
>>
>> Because Magnus asked for that kind of design? (grouped with a headline)
>
> He suggested it, but that doesn't mean it has to be done. If we're
> going to break the property dialog design guidelines and start laying
> things out in new formats we need to be *really* careful to avoid
> getting in an inconsistent mess.
>

Yeah, I know. And "grouped with a headline" doesn't mean we have to use
a wxStaticBoxSizer. Anyway, reading your comments and Ashesh's comments,
I will drop the wxStaticBoxSizer and everyone will be happy:

* no strange issue on MacOSX for Ashesh
* no weird design for you
* but still first server certificate and then client certificate for Magnus.

Will try to work on this today.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 28/01/2011 09:37, Guillaume Lelarge a écrit :
> Le 28/01/2011 09:21, Dave Page a écrit :
>> On Fri, Jan 28, 2011 at 7:25 AM, Guillaume Lelarge
>> <guillaume@lelarge.info> wrote:
>>> Le 28/01/2011 02:11, Dave Page a écrit :
>>>> On Thu, Jan 27, 2011 at 9:56 PM, Guillaume Lelarge
>>>> <guillaume@lelarge.info> wrote:
>>>>> Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
>>>>>> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>>>>>>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge <guillaume@lelarge.info> wrote:
>>>>>>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> This patch adds support to specify SSL certificate files and to connect
>>>>>>>>> according to those.
>>>>>>>>>
>>>>>>>>> It's pretty straightforward: four file pickers to handle on dlgServer,
>>>>>>>>> and changes in the connection code to add those parameters in the
>>>>>>>>> connection string.
>>>>>>>>>
>>>>>>>>
>>>>>>>> A screenshot attached so that you can see the UI without building pgAdmin :)
>>>>>>>>
>>>>>>>> Comments?
>>>>>>>
>>>>>>> I would move root cert up before the others. Also CRL.
>>>>>>>
>>>>>>> Root cert and CRL are about validating the *server* certificate. Key
>>>>>>> and cert file are about SSL authentication of the *client* (thus
>>>>>>> *client* certificates). They should definitely be in that order -
>>>>>>> perhaps even grouped with a headline?
>>>>>>>
>>>>>>
>>>>>> Done for moving widgets. Not sure grouped widgets could make sense here.
>>>>>>
>>>>>
>>>>> Here is what I finally managed to do. Comments?
>>>>
>>>> Why the change from the standard layout used everywhere else?
>>>>
>>>
>>> Because Magnus asked for that kind of design? (grouped with a headline)
>>
>> He suggested it, but that doesn't mean it has to be done. If we're
>> going to break the property dialog design guidelines and start laying
>> things out in new formats we need to be *really* careful to avoid
>> getting in an inconsistent mess.
>>
>
> Yeah, I know. And "grouped with a headline" doesn't mean we have to use
> a wxStaticBoxSizer. Anyway, reading your comments and Ashesh's comments,
> I will drop the wxStaticBoxSizer and everyone will be happy:
>
> * no strange issue on MacOSX for Ashesh
> * no weird design for you
> * but still first server certificate and then client certificate for Magnus.
>
> Will try to work on this today.
>

What about this one?


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Attachment

Re: Patch to support SSL certificate connections

From
Dave Page
Date:
That's better.

Fyi, the other design did look OK - i just think we need to plan such
changes properly and implement in batches rather than piecemeal.

On 1/28/11, Guillaume Lelarge <guillaume@lelarge.info> wrote:
> Le 28/01/2011 09:37, Guillaume Lelarge a écrit :
>> Le 28/01/2011 09:21, Dave Page a écrit :
>>> On Fri, Jan 28, 2011 at 7:25 AM, Guillaume Lelarge
>>> <guillaume@lelarge.info> wrote:
>>>> Le 28/01/2011 02:11, Dave Page a écrit :
>>>>> On Thu, Jan 27, 2011 at 9:56 PM, Guillaume Lelarge
>>>>> <guillaume@lelarge.info> wrote:
>>>>>> Le 22/01/2011 01:34, Guillaume Lelarge a écrit :
>>>>>>> Le 21/01/2011 10:17, Magnus Hagander a écrit :
>>>>>>>> On Thu, Jan 20, 2011 at 23:08, Guillaume Lelarge
>>>>>>>> <guillaume@lelarge.info> wrote:
>>>>>>>>> Le 19/01/2011 00:35, Guillaume Lelarge a écrit :
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> This patch adds support to specify SSL certificate files and to
>>>>>>>>>> connect
>>>>>>>>>> according to those.
>>>>>>>>>>
>>>>>>>>>> It's pretty straightforward: four file pickers to handle on
>>>>>>>>>> dlgServer,
>>>>>>>>>> and changes in the connection code to add those parameters in the
>>>>>>>>>> connection string.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> A screenshot attached so that you can see the UI without building
>>>>>>>>> pgAdmin :)
>>>>>>>>>
>>>>>>>>> Comments?
>>>>>>>>
>>>>>>>> I would move root cert up before the others. Also CRL.
>>>>>>>>
>>>>>>>> Root cert and CRL are about validating the *server* certificate. Key
>>>>>>>> and cert file are about SSL authentication of the *client* (thus
>>>>>>>> *client* certificates). They should definitely be in that order -
>>>>>>>> perhaps even grouped with a headline?
>>>>>>>>
>>>>>>>
>>>>>>> Done for moving widgets. Not sure grouped widgets could make sense
>>>>>>> here.
>>>>>>>
>>>>>>
>>>>>> Here is what I finally managed to do. Comments?
>>>>>
>>>>> Why the change from the standard layout used everywhere else?
>>>>>
>>>>
>>>> Because Magnus asked for that kind of design? (grouped with a headline)
>>>
>>> He suggested it, but that doesn't mean it has to be done. If we're
>>> going to break the property dialog design guidelines and start laying
>>> things out in new formats we need to be *really* careful to avoid
>>> getting in an inconsistent mess.
>>>
>>
>> Yeah, I know. And "grouped with a headline" doesn't mean we have to use
>> a wxStaticBoxSizer. Anyway, reading your comments and Ashesh's comments,
>> I will drop the wxStaticBoxSizer and everyone will be happy:
>>
>> * no strange issue on MacOSX for Ashesh
>> * no weird design for you
>> * but still first server certificate and then client certificate for
>> Magnus.
>>
>> Will try to work on this today.
>>
>
> What about this one?
>
>
> --
> Guillaume
>  http://www.postgresql.fr
>  http://dalibo.com
>


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 28/01/2011 19:39, Dave Page a écrit :
> That's better.
>
> Fyi, the other design did look OK - i just think we need to plan such
> changes properly and implement in batches rather than piecemeal.
>

My issue with my last design is that the two first buttons and the two
last buttons were not properly aligned. It didn't feel right with the
rest of the widgets.

I think that, with the new labels, it should be enough.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

Re: Patch to support SSL certificate connections

From
Guillaume Lelarge
Date:
Le 28/01/2011 20:44, Guillaume Lelarge a écrit :
> Le 28/01/2011 19:39, Dave Page a écrit :
>> That's better.
>>
>> Fyi, the other design did look OK - i just think we need to plan such
>> changes properly and implement in batches rather than piecemeal.
>>
>
> My issue with my last design is that the two first buttons and the two
> last buttons were not properly aligned. It didn't feel right with the
> rest of the widgets.
>
> I think that, with the new labels, it should be enough.
>

Commited.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com