Re: Support for sslverify

Magnus Hagander wrote:
> On 15 mar 2009, at 17.00, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>
>> On Sun, Mar 15, 2009 at 2:51 PM, Magnus Hagander <magnus(at)hagander(dot)net>
>> wrote:
>>> We've seen it here and Dave reported to me on IM that he has received
>>> further reports of people getting stuck by the new 8.4 SSL code that
>>> verifies server certificates by default.
>>>
>>> I think this will happen for example for everybody who has their pg on a
>>> debian server and their client elsewhere, for example, since debian
>>> enables a snakeoil SSL cert by default (which in itself is a pretty bad
>>> idea, but it's what they do)
>>>
>>>
>>> Should we provide an option to override this (connection option
>>> sslverify) in the connection dialog? And is it something we need to do
>>> for this version (yes, I know it's already in beta..)
>>
>> There's support for this in libpq aready? If so, then please go ahead
>> and fix pgAdmin :-)
>
> Yes, that was part of the original patch. You can set to verify all
> (never before, and default), verify ca (default before *if* the root
> cert was there) or no verification at all.
>
>
>> Note that the server connection diagloue is already pretty much at the
>> maximum height, so any changes there will probably need to include
>> splitting of the tabset.
>
> Crap. That something we want to do between betas?

OK, here's a patch that tries this. Since we're in beta, I definitely
want eyes on it before I commit :-)

//Magnus