Add SSL verify flag.
> In database, add 'sslverify' to 'server' table, defaulting to
false so upgrades won't break existing setups. This modifies
schema, requiring a version bump, changes to migration scripts, etc.
> In protocol, add 'sslVerify' to Network::Server, configuring if
SSL errors should be ignored or result in disconnect.
Add 'VerifyServerSSL' feature flag so the client can tell users about
needing to upgrade their core to get this feature.
If SSL verification fails and...
> SSL verify enabled: disconnect and trigger a retry, logging the
error message in the status buffer
> SSL verify disabled: log the error message at Info level and
continue connecting anyways
Add "Verify connection security" checkbox to network add/edit dialogs
with an explanatory tooltip. Tooltip is modified and checkbox
disabled if the core does not support the feature. Connections are
verified by default when "Use encrypted connection" is checked.
Change "Use SSL" and "Use secure connection" to
"Use encrypted connection" to better reflect what the option does.
Fix tooltips and other strings in network editing dialogs.
Testing:
> Database schema handling
SQLite new install - works
SQLite upgrade - works
SQLite migrate to Postgres - works
Postgres new install - works
Postgres upgrade - works
> Client/core connections
New client, new core - works
New client, old core - works, verify SSL grayed out
Old client, new core - works, verify SSL reset to false on edit
(Unfortunately there's no way to use a boolean and tell if the client
is old, or actually setting verify SSL to false. Would need the
work-in-progress ClientFeature system 'esainane' designed)
(Not using '@mention' since that notifies on EVERY commit push)
projects / quassel.git / commitdiff