Re: Support for sslverify

Dave Page wrote:
> On Mon, Mar 16, 2009 at 1:57 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>
>> OK, here's a patch that tries this. Since we're in beta, I definitely
>> want eyes on it before I commit :-)
>
> OK, I've applied eyes - here are my immediate thoughts:
>
> - The verify mode strings look quite long, per my comment on IM.
> Perhaps Full, Certificate or None would be better.

I considered that, but I think that would be rather confusing the way
the dialog is done. Then we'd need a separate header for it, no?

FWIW, they fit fine in the dropdown on my Ubuntu box...

The way it is now, only the "verification" part will slip outside the
dialog box it they're too long, so I don't think it's too bad?

> - There doesn't seem to be any way to push the verify mode down to the
> backup/backupall/backupglobals/restore dialogues, or to the debugger
> (which, annoyingly, still has it's own connection class). Do we want
> to re-verify in those places, or just set verify=none, as we've
> already verified at initial connection? I guess in theory a mitm
> attack could start after we initially connect.

Ick. I'll need to look into that. We must absolutely verify every
connection, anything else is very stupid.

> - Should verify mode also be exposed in the plugins interface? SSL
> mode is, so it would seem logical.

Yes, if it is, it should be. I think I need to go over my grepping a bit
more carefully to see if there are more places.

//Magnus