SSL setup broken in current code
23 views
Skip to first unread message
Francisco Figueiredo Jr.
Mar 10, 2014, 8:35:14 PM3/10/14
to npgsq...@googlegroups.com
Hi all!
As explained here:
https://github.com/npgsql/Npgsql/issues/176#issuecomment-36874148
currently SSL setup is broken in Npgsql.
Today, SSL connection will try to use SSLStream with a validate remote
certificate callback which returns false and then doesn't allow a
connection to be established.
Now we need to figure out a possible solution for this.
I have somethings in mind:
1. Disable the new ssl code and keep using Mono until we get a better
solution about how to switch to the new code. (It would be fast and
requires less modifications.)
2. Create a connection string parameter to control that. (It would add
a lot of code which would eventually removed after we decide to jump
to the new code.
3. Create a static variable in NpgsqlConnector to control when to use
Mono code or SSLStream code. This would be an ugly hack but would
allow users to easily choose between one implementation and the other.
(It would require little modifications)
What do you all think? I'm more inclined to option 3 because after we
decide to go with any solution (keep using Mono or use SSLStream, it
would be easy to change).
--
Regards,
Francisco Figueiredo Jr.
Npgsql Lead Developer
http://www.npgsql.org
http://gplus.to/franciscojunior
http://fxjr.blogspot.com
http://twitter.com/franciscojunior
As explained here:
https://github.com/npgsql/Npgsql/issues/176#issuecomment-36874148
currently SSL setup is broken in Npgsql.
Today, SSL connection will try to use SSLStream with a validate remote
certificate callback which returns false and then doesn't allow a
connection to be established.
Now we need to figure out a possible solution for this.
I have somethings in mind:
1. Disable the new ssl code and keep using Mono until we get a better
solution about how to switch to the new code. (It would be fast and
requires less modifications.)
2. Create a connection string parameter to control that. (It would add
a lot of code which would eventually removed after we decide to jump
to the new code.
3. Create a static variable in NpgsqlConnector to control when to use
Mono code or SSLStream code. This would be an ugly hack but would
allow users to easily choose between one implementation and the other.
(It would require little modifications)
What do you all think? I'm more inclined to option 3 because after we
decide to go with any solution (keep using Mono or use SSLStream, it
would be easy to change).
--
Regards,
Francisco Figueiredo Jr.
Npgsql Lead Developer
http://www.npgsql.org
http://gplus.to/franciscojunior
http://fxjr.blogspot.com
http://twitter.com/franciscojunior
Reply all
Reply to author
Forward
0 new messages