[Rt-commit] rt branch, 4.2/dsn-attributes, created. rt-4.2.10-20-g1ca61dd
Jesse Vincent
jesse at bestpractical.com
Tue Mar 3 22:47:29 EST 2015
The branch, 4.2/dsn-attributes has been created
at 1ca61ddf40476f959253343d9364a7585137f688 (commit)
- Log -----------------------------------------------------------------
commit 66c87ba3a2745745b7614fd6433bbd4a84ad6ac7
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Jan 29 15:11:22 2015 -0500
Drop DatabaseRequireSSL option; it does nothing
DBD::Pg has never supported the "requiressl=1" DSN attribute that
DBIx::SearchBuilder sets based on this parameter. Remove the option, to
not mislead admins.
diff --git a/docs/UPGRADING-4.2 b/docs/UPGRADING-4.2
index 3ab005e..f31806d 100644
--- a/docs/UPGRADING-4.2
+++ b/docs/UPGRADING-4.2
@@ -353,4 +353,11 @@ external tools to render HTML to text. This dependency is not installed
by default; however, its use is strongly encouraged, and will resolve
issues with blank outgoing emails.
+=head1 UPGRADING FROM 4.2.10 AND EARLIER
+
+The C<$DatabaseRequireSSL> option has never affected whether the
+database connection was performed using SSL, even under Postgres. It
+has been removed, and setting it will trigger an informational message
+that setting it is ineffective.
+
=cut
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index c3f7890..07ad8ea 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -211,16 +211,6 @@ SID and database objects are created in C<$DatabaseUser>'s schema.
Set($DatabaseName, q{@DB_DATABASE@});
-=item C<$DatabaseRequireSSL>
-
-If you're using PostgreSQL and have compiled in SSL support, set
-C<$DatabaseRequireSSL> to 1 to turn on SSL communication with the
-database.
-
-=cut
-
-Set($DatabaseRequireSSL, undef);
-
=item C<$DatabaseAdmin>
The name of the database administrator to connect to the database as
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 3af9468..86a6622 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -1000,6 +1000,12 @@ our %META;
Message => "The LogoImageWidth configuration option did not affect display, and has been removed; please remove it from your RT_SiteConfig.pm",
},
},
+ DatabaseRequireSSL => {
+ Deprecated => {
+ LogLevel => "info",
+ Message => "The DatabaseRequireSSL configuration option did not enable SSL connections to the database, and has been removed; please remove it from your RT_SiteConfig.pm",
+ },
+ },
);
my %OPTIONS = ();
my @LOADED_CONFIGS = ();
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 4eb02ad..31c24b5 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -165,7 +165,6 @@ sub BuildDSN {
Database => $db_name,
Port => $db_port,
Driver => $db_type,
- RequireSSL => RT->Config->Get('DatabaseRequireSSL'),
);
if ( $db_type eq 'Oracle' && $db_host ) {
$args{'SID'} = delete $args{'Database'};
diff --git a/lib/RT/Installer.pm b/lib/RT/Installer.pm
index fedd92c..ccf4896 100644
--- a/lib/RT/Installer.pm
+++ b/lib/RT/Installer.pm
@@ -131,12 +131,6 @@ my %Meta = (
Hints => 'The password RT should use to connect to the database.',
},
},
- DatabaseRequireSSL => {
- Widget => '/Widgets/Form/Boolean',
- WidgetArguments => {
- Description => 'Use SSL?', # loc
- },
- },
rtname => {
Widget => '/Widgets/Form/String',
WidgetArguments => {
diff --git a/share/html/Install/DatabaseDetails.html b/share/html/Install/DatabaseDetails.html
index b79af88..b64cc5a 100644
--- a/share/html/Install/DatabaseDetails.html
+++ b/share/html/Install/DatabaseDetails.html
@@ -105,9 +105,6 @@ unless ( $db_type eq 'SQLite' ) {
push @Types, 'DatabaseHost', 'DatabasePort', 'DatabaseAdmin',
'DatabaseAdminPassword', 'DatabaseUser', 'DatabasePassword';
}
-if ( $db_type eq 'Pg' ) {
- push @Types, 'DatabaseRequireSSL';
-}
if ( $Run ) {
diff --git a/share/html/Install/index.html b/share/html/Install/index.html
index 21fb3eb..f4d9518 100644
--- a/share/html/Install/index.html
+++ b/share/html/Install/index.html
@@ -110,7 +110,7 @@ elsif ( $Run ) {
$RT::Installer->{InstallConfig} ||= {};
for my $field (
qw/DatabaseType DatabaseName DatabaseHost DatabasePort
- DatabaseUser DatabaseRequireSSL rtname
+ DatabaseUser rtname
Organization CommentAddress CorrespondAddress
SendmailPath WebDomain WebPort/
) {
diff --git a/t/web/install.t b/t/web/install.t
index df202e5..e33e58b 100644
--- a/t/web/install.t
+++ b/t/web/install.t
@@ -64,7 +64,7 @@ SKIP: {
$m->select( 'DatabaseType', 'Pg' );
$m->click;
for my $field (
- qw/Name Host Port Admin AdminPassword User Password RequireSSL/)
+ qw/Name Host Port Admin AdminPassword User Password/)
{
ok( $m->current_form->find_input("Database$field"),
"db Pg has field Database$field" );
commit 1ca61ddf40476f959253343d9364a7585137f688
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Jan 29 15:43:33 2015 -0500
Add a %DatabaseExtraDSN to allow for extra DB connectivity options
Also provide examples that discuss using %DatabaseExtraDSN to use SSL
when connecting to the database.
diff --git a/docs/UPGRADING-4.2 b/docs/UPGRADING-4.2
index f31806d..07a6004 100644
--- a/docs/UPGRADING-4.2
+++ b/docs/UPGRADING-4.2
@@ -356,8 +356,9 @@ issues with blank outgoing emails.
=head1 UPGRADING FROM 4.2.10 AND EARLIER
The C<$DatabaseRequireSSL> option has never affected whether the
-database connection was performed using SSL, even under Postgres. It
-has been removed, and setting it will trigger an informational message
-that setting it is ineffective.
+database connection was performed using SSL, even under Postgres; the
+functionality can now be implemented via C<%DatabaseExtraDSN>.
+C<$DatabaseRequireSSL> has been removed, and setting it will trigger an
+informational message that setting it is ineffective.
=cut
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 07ad8ea..791c399 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -211,6 +211,31 @@ SID and database objects are created in C<$DatabaseUser>'s schema.
Set($DatabaseName, q{@DB_DATABASE@});
+=item C<%DatabaseExtraDSN>
+
+Allows additional properties to be passed to the database connection
+step. Possible properties are specific to the database-type; see
+https://metacpan.org/pod/DBI#connect
+
+For PostgreSQL, for instance, the following enables SSL (but does no
+certificate checking, providing data hiding but no MITM protection):
+
+ # See https://metacpan.org/pod/DBD::Pg#connect
+ # and http://www.postgresql.org/docs/8.4/static/libpq-ssl.html
+ Set( %DatabaseExtraDSN, sslmode => 'require' );
+
+For MySQL, the following acts similarly if the server has enabled SSL.
+Otherwise, it provides no protection; MySQL provides no way to I<force>
+SSL connections:
+
+ # See https://metacpan.org/pod/DBD::mysql#connect
+ # and http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html
+ Set( %DatabaseExtraDSN, mysql_ssl => 1 );
+
+=cut
+
+Set(%DatabaseExtraDSN, ());
+
=item C<$DatabaseAdmin>
The name of the database administrator to connect to the database as
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 86a6622..5ead3f0 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -559,6 +559,10 @@ our %META;
},
# Internal config options
+ DatabaseExtraDSN => {
+ Type => 'HASH',
+ },
+
FullTextSearch => {
Type => 'HASH',
PostLoadCheck => sub {
@@ -1002,8 +1006,9 @@ our %META;
},
DatabaseRequireSSL => {
Deprecated => {
+ Remove => '4.4',
LogLevel => "info",
- Message => "The DatabaseRequireSSL configuration option did not enable SSL connections to the database, and has been removed; please remove it from your RT_SiteConfig.pm",
+ Message => "The DatabaseRequireSSL configuration option did not enable SSL connections to the database, and has been removed; please remove it from your RT_SiteConfig.pm. Use DatabaseExtraDSN to accomplish the same purpose.",
},
},
);
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 31c24b5..94f8bb2 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -170,6 +170,13 @@ sub BuildDSN {
$args{'SID'} = delete $args{'Database'};
}
$self->SUPER::BuildDSN( %args );
+
+ if (RT->Config->Get('DatabaseExtraDSN')) {
+ my %extra = RT->Config->Get('DatabaseExtraDSN');
+ $self->{'dsn'} .= ";$_=$extra{$_}"
+ for sort keys %extra;
+ }
+ return $self->{'dsn'};
}
=head2 DSN
-----------------------------------------------------------------------
More information about the rt-commit
mailing list