On Tue, Jan 11, 2022 at 12:20:09PM +0000, Stuart Henderson wrote: > On 2022/01/11 10:53, Theo Buehler wrote: > > > sure, cleartext might sucks, but i always tunnel my cleartext psql cnx > > > over ssh so... i wouldnt have issues with non-ssl pgadmin :) > > > > I figured that might be a common solution and that's why I sent this > > patch for consideration. > > It is exactly pgadmin's built-in ssh tunnel mode that is a problem, > because it uses old libssh2. You can still connect over ssh tunnels > of course, but you have to ssh-forward yourself and connect to > localhost. > > If we can disable pgadmin3's tunneling *without* disabling direct TLS > connections, that's probably more convenient to use.
Right. > Possible diff for that below. > > *However* our port has never been patched to support connecting to > PostgreSQL versions above 11.0, and AFAIK nobody has complained on ports@ > about this. This gives me the impression that nobody is actually likely > to be using it. Sounds like an argument for removal (ok tb for that). > Now the diff. Builds on -current libressl (and disables the SSH tunnel > tab as expected), I don't know if it will work with tb's queued changes > but should be easier to fix if it doesn't. Your diff builds and packages on my -future dev box.
