[Rt-commit] rt branch, 4.2/dsn-attributes, created. rt-4.2.9-77-gdb679b8
Alex Vandiver
alexmv at bestpractical.com
Thu Jan 29 15:56:59 EST 2015
The branch, 4.2/dsn-attributes has been created
at db679b8d332598ee55817385417e361f328e644d (commit)
- Log -----------------------------------------------------------------
commit a6c9cba850b8fdfbe32b30233bccef785b70aa82
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Jan 29 15:11:22 2015 -0500
Drop DatabaseRequireSSL option; it does nothing
DBD::Pg has never supported the "requiressl=1" DSN attribute that
DBIx::SearchBuilder sets based on this parameter. Remove the option, to
not mislead admins.
diff --git a/docs/UPGRADING-4.2 b/docs/UPGRADING-4.2
index 2ed98e4..3ee9a66 100644
--- a/docs/UPGRADING-4.2
+++ b/docs/UPGRADING-4.2
@@ -345,4 +345,11 @@ have been overridden by CSS since 4.0.0, and thus did not affect
display. They have been removed, and setting them will trigger an
informational message that setting them is ineffective.
+=head1 UPGRADING FROM 4.2.9 AND EARLIER
+
+The C<$DatabaseRequireSSL> option has never affected whether the
+database connection was performed using SSL, even under Postgres. It
+has been removed, and setting it will trigger an informational message
+that setting it is ineffective.
+
=cut
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 294b255..3502d60 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -211,16 +211,6 @@ SID and database objects are created in C<$DatabaseUser>'s schema.
Set($DatabaseName, q{@DB_DATABASE@});
-=item C<$DatabaseRequireSSL>
-
-If you're using PostgreSQL and have compiled in SSL support, set
-C<$DatabaseRequireSSL> to 1 to turn on SSL communication with the
-database.
-
-=cut
-
-Set($DatabaseRequireSSL, undef);
-
=item C<$DatabaseAdmin>
The name of the database administrator to connect to the database as
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index b4ae6c8..3a5af16 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -982,6 +982,12 @@ our %META;
Message => "The LogoImageWidth configuration option did not affect display, and has been removed; please remove it from your RT_SiteConfig.pm",
},
},
+ DatabaseRequireSSL => {
+ Deprecated => {
+ LogLevel => "info",
+ Message => "The DatabaseRequireSSL configuration option did not enable SSL connections to the database, and has been removed; please remove it from your RT_SiteConfig.pm",
+ },
+ },
);
my %OPTIONS = ();
my @LOADED_CONFIGS = ();
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 3b8bff5..ca65377 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -165,7 +165,6 @@ sub BuildDSN {
Database => $db_name,
Port => $db_port,
Driver => $db_type,
- RequireSSL => RT->Config->Get('DatabaseRequireSSL'),
);
if ( $db_type eq 'Oracle' && $db_host ) {
$args{'SID'} = delete $args{'Database'};
diff --git a/lib/RT/Installer.pm b/lib/RT/Installer.pm
index fedd92c..ccf4896 100644
--- a/lib/RT/Installer.pm
+++ b/lib/RT/Installer.pm
@@ -131,12 +131,6 @@ my %Meta = (
Hints => 'The password RT should use to connect to the database.',
},
},
- DatabaseRequireSSL => {
- Widget => '/Widgets/Form/Boolean',
- WidgetArguments => {
- Description => 'Use SSL?', # loc
- },
- },
rtname => {
Widget => '/Widgets/Form/String',
WidgetArguments => {
diff --git a/share/html/Install/DatabaseDetails.html b/share/html/Install/DatabaseDetails.html
index b79af88..b64cc5a 100644
--- a/share/html/Install/DatabaseDetails.html
+++ b/share/html/Install/DatabaseDetails.html
@@ -105,9 +105,6 @@ unless ( $db_type eq 'SQLite' ) {
push @Types, 'DatabaseHost', 'DatabasePort', 'DatabaseAdmin',
'DatabaseAdminPassword', 'DatabaseUser', 'DatabasePassword';
}
-if ( $db_type eq 'Pg' ) {
- push @Types, 'DatabaseRequireSSL';
-}
if ( $Run ) {
diff --git a/share/html/Install/index.html b/share/html/Install/index.html
index 21fb3eb..f4d9518 100644
--- a/share/html/Install/index.html
+++ b/share/html/Install/index.html
@@ -110,7 +110,7 @@ elsif ( $Run ) {
$RT::Installer->{InstallConfig} ||= {};
for my $field (
qw/DatabaseType DatabaseName DatabaseHost DatabasePort
- DatabaseUser DatabaseRequireSSL rtname
+ DatabaseUser rtname
Organization CommentAddress CorrespondAddress
SendmailPath WebDomain WebPort/
) {
diff --git a/t/web/install.t b/t/web/install.t
index df202e5..e33e58b 100644
--- a/t/web/install.t
+++ b/t/web/install.t
@@ -64,7 +64,7 @@ SKIP: {
$m->select( 'DatabaseType', 'Pg' );
$m->click;
for my $field (
- qw/Name Host Port Admin AdminPassword User Password RequireSSL/)
+ qw/Name Host Port Admin AdminPassword User Password/)
{
ok( $m->current_form->find_input("Database$field"),
"db Pg has field Database$field" );
commit db679b8d332598ee55817385417e361f328e644d
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Jan 29 15:43:33 2015 -0500
Add a %DatabaseExtraDSN to allow for extra DB connectivity options
Also provide examples that discuss using %DatabaseExtraDSN to use SSL
when connecting to the database.
diff --git a/docs/UPGRADING-4.2 b/docs/UPGRADING-4.2
index 3ee9a66..84ce961 100644
--- a/docs/UPGRADING-4.2
+++ b/docs/UPGRADING-4.2
@@ -348,8 +348,9 @@ informational message that setting them is ineffective.
=head1 UPGRADING FROM 4.2.9 AND EARLIER
The C<$DatabaseRequireSSL> option has never affected whether the
-database connection was performed using SSL, even under Postgres. It
-has been removed, and setting it will trigger an informational message
-that setting it is ineffective.
+database connection was performed using SSL, even under Postgres; the
+functionality can now be implemented via C<%DatabaseExtraDSN>.
+C<$DatabaseRequireSSL> has been removed, and setting it will trigger an
+informational message that setting it is ineffective.
=cut
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 3502d60..60d8e5b 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -211,6 +211,31 @@ SID and database objects are created in C<$DatabaseUser>'s schema.
Set($DatabaseName, q{@DB_DATABASE@});
+=item C<%DatabaseExtraDSN>
+
+Allows additional properties to be passed to the database connection
+step. Possible properties are specific to the database-type; see
+https://metacpan.org/pod/DBI#connect
+
+For PostgreSQL, for instance, the following enables SSL (but does no
+certificate checking, providing data hiding but no MITM protection):
+
+ # See https://metacpan.org/pod/DBD::Pg#connect
+ # and http://www.postgresql.org/docs/8.4/static/libpq-ssl.html
+ Set( %DatabaseExtraDSN, sslmode => 'require' );
+
+For MySQL, the following acts similarly if the server has enabled SSL.
+Otherwise, it provides no protection; MySQL provides no way to I<force>
+SSL connections:
+
+ # See https://metacpan.org/pod/DBD::mysql#connect
+ # and http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html
+ Set( %DatabaseExtraDSN, mysql_ssl => 1 );
+
+=cut
+
+Set(%DatabaseExtraDSN, ());
+
=item C<$DatabaseAdmin>
The name of the database administrator to connect to the database as
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 3a5af16..360ea1b 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -559,6 +559,10 @@ our %META;
},
# Internal config options
+ DatabaseExtraDSN => {
+ Type => 'HASH',
+ },
+
FullTextSearch => {
Type => 'HASH',
PostLoadCheck => sub {
@@ -984,8 +988,9 @@ our %META;
},
DatabaseRequireSSL => {
Deprecated => {
+ Remove => '4.4',
LogLevel => "info",
- Message => "The DatabaseRequireSSL configuration option did not enable SSL connections to the database, and has been removed; please remove it from your RT_SiteConfig.pm",
+ Message => "The DatabaseRequireSSL configuration option did not enable SSL connections to the database, and has been removed; please remove it from your RT_SiteConfig.pm. Use DatabaseExtraDSN to accomplish the same purpose.",
},
},
);
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index ca65377..efd29ab 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -170,6 +170,13 @@ sub BuildDSN {
$args{'SID'} = delete $args{'Database'};
}
$self->SUPER::BuildDSN( %args );
+
+ if (RT->Config->Get('DatabaseExtraDSN')) {
+ my %extra = RT->Config->Get('DatabaseExtraDSN');
+ $self->{'dsn'} .= ";$_=$extra{$_}"
+ for sort keys %extra;
+ }
+ return $self->{'dsn'};
}
=head2 DSN
-----------------------------------------------------------------------
More information about the rt-commit
mailing list