From c46442bc16567ec2ab616c9e4767d04adcef4a6d Mon Sep 17 00:00:00 2001 From: Andrei Pavel Date: Tue, 13 May 2025 22:32:11 +0300 Subject: [PATCH] [#3734] Remove unnecessary HAVE_PGSQL_SSL macro --- config.h.in | 3 --- meson.build | 1 - src/hooks/dhcp/pgsql/pgsql_cb_impl.cc | 17 +---------------- src/hooks/dhcp/pgsql/pgsql_cb_messages.cc | 4 ---- src/hooks/dhcp/pgsql/pgsql_cb_messages.h | 2 -- src/hooks/dhcp/pgsql/pgsql_cb_messages.mes | 11 ----------- src/hooks/dhcp/pgsql/pgsql_fb_messages.cc | 4 ---- src/hooks/dhcp/pgsql/pgsql_fb_messages.h | 2 -- src/hooks/dhcp/pgsql/pgsql_fb_messages.mes | 11 ----------- src/hooks/dhcp/pgsql/pgsql_hb_messages.cc | 4 ---- src/hooks/dhcp/pgsql/pgsql_hb_messages.h | 2 -- src/hooks/dhcp/pgsql/pgsql_hb_messages.mes | 13 +------------ src/hooks/dhcp/pgsql/pgsql_host_data_source.cc | 15 --------------- src/hooks/dhcp/pgsql/pgsql_lb_messages.cc | 4 ---- src/hooks/dhcp/pgsql/pgsql_lb_messages.h | 2 -- src/hooks/dhcp/pgsql/pgsql_lb_messages.mes | 13 +------------ src/hooks/dhcp/pgsql/pgsql_lease_mgr.cc | 15 --------------- src/hooks/dhcp/pgsql/pgsql_legal_log.cc | 15 --------------- .../tests/pgsql_host_data_source_unittest.cc | 6 ------ .../pgsql/tests/pgsql_lease_mgr_unittest.cc | 6 ------ 20 files changed, 3 insertions(+), 147 deletions(-) diff --git a/config.h.in b/config.h.in index 4958e2d07b..42ccf28f3e 100644 --- a/config.h.in +++ b/config.h.in @@ -40,9 +40,6 @@ /* PostgreSQL is present */ #mesondefine HAVE_PGSQL -/* PostgreSQL was built with OpenSSL support */ -#mesondefine HAVE_PGSQL_SSL - /* PostgreSQL connection parameter tcp_user_timeout supported */ #mesondefine HAVE_PGSQL_TCP_USER_TIMEOUT diff --git a/meson.build b/meson.build index c30584d627..9bf35e07c0 100644 --- a/meson.build +++ b/meson.build @@ -124,7 +124,6 @@ KEA_MSG_COMPILER = disabler() #### Configuration Data # TODO: Remaining define macros used in code, but not handled by meson: -# - HAVE_PGSQL_SSL # - USE_STATIC_LINK conf_data = configuration_data( diff --git a/src/hooks/dhcp/pgsql/pgsql_cb_impl.cc b/src/hooks/dhcp/pgsql/pgsql_cb_impl.cc index 26e9fdc4de..4d91d9de4d 100644 --- a/src/hooks/dhcp/pgsql/pgsql_cb_impl.cc +++ b/src/hooks/dhcp/pgsql/pgsql_cb_impl.cc @@ -88,21 +88,6 @@ PgSqlConfigBackendImpl::PgSqlConfigBackendImpl(const std::string& space, tls += parameters.count("cert-file"); tls += parameters.count("key-file"); tls += parameters.count("cipher-list"); -#ifdef HAVE_PGSQL_SSL - if ((tls > 0) && !PgSqlConnection::warned_about_tls) { - PgSqlConnection::warned_about_tls = true; - LOG_INFO(pgsql_cb_logger, PGSQL_CB_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters); - PQinitSSL(1); - } -#else - if (tls > 0) { - LOG_ERROR(pgsql_cb_logger, PGSQL_CB_NO_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters)); - isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL " - << "backend (built with this feature disabled)"); - } -#endif // Create unique timer name per instance. timer_name_ = "PgSqlConfigBackend"; @@ -1170,7 +1155,7 @@ PgSqlConfigBackendImpl::addOptionValueBinding(PsqlBindArray& bindings, } } -void +void PgSqlConfigBackendImpl::addClientClassesBinding(db::PsqlBindArray& bindings, const ClientClasses& client_classes) { // Create JSON list of client classes. diff --git a/src/hooks/dhcp/pgsql/pgsql_cb_messages.cc b/src/hooks/dhcp/pgsql/pgsql_cb_messages.cc index 6817056483..92a67540d6 100644 --- a/src/hooks/dhcp/pgsql/pgsql_cb_messages.cc +++ b/src/hooks/dhcp/pgsql/pgsql_cb_messages.cc @@ -184,7 +184,6 @@ extern const isc::log::MessageID PGSQL_CB_GET_SUBNET6_BY_PREFIX = "PGSQL_CB_GET_ extern const isc::log::MessageID PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID = "PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID"; extern const isc::log::MessageID PGSQL_CB_GET_TYPE4 = "PGSQL_CB_GET_TYPE4"; extern const isc::log::MessageID PGSQL_CB_GET_TYPE6 = "PGSQL_CB_GET_TYPE6"; -extern const isc::log::MessageID PGSQL_CB_NO_TLS_SUPPORT = "PGSQL_CB_NO_TLS_SUPPORT"; extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED4 = "PGSQL_CB_RECONNECT_ATTEMPT_FAILED4"; extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED6 = "PGSQL_CB_RECONNECT_ATTEMPT_FAILED6"; extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4 = "PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4"; @@ -193,7 +192,6 @@ extern const isc::log::MessageID PGSQL_CB_RECONNECT_FAILED4 = "PGSQL_CB_RECONNEC extern const isc::log::MessageID PGSQL_CB_RECONNECT_FAILED6 = "PGSQL_CB_RECONNECT_FAILED6"; extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE4 = "PGSQL_CB_REGISTER_BACKEND_TYPE4"; extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE6 = "PGSQL_CB_REGISTER_BACKEND_TYPE6"; -extern const isc::log::MessageID PGSQL_CB_TLS_SUPPORT = "PGSQL_CB_TLS_SUPPORT"; extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE4 = "PGSQL_CB_UNREGISTER_BACKEND_TYPE4"; extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE6 = "PGSQL_CB_UNREGISTER_BACKEND_TYPE6"; @@ -380,7 +378,6 @@ const char* values[] = { "PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID", "retrieving subnet by subnet id: %1", "PGSQL_CB_GET_TYPE4", "get type", "PGSQL_CB_GET_TYPE6", "get type", - "PGSQL_CB_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1", "PGSQL_CB_RECONNECT_ATTEMPT_FAILED4", "database reconnect failed: %1", "PGSQL_CB_RECONNECT_ATTEMPT_FAILED6", "database reconnect failed: %1", "PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4", "scheduling attempt %1 of %2 in %3 milliseconds", @@ -389,7 +386,6 @@ const char* values[] = { "PGSQL_CB_RECONNECT_FAILED6", "maximum number of database reconnect attempts: %1, has been exhausted without success", "PGSQL_CB_REGISTER_BACKEND_TYPE4", "register backend", "PGSQL_CB_REGISTER_BACKEND_TYPE6", "register backend", - "PGSQL_CB_TLS_SUPPORT", "Attempt to configure TLS: %1", "PGSQL_CB_UNREGISTER_BACKEND_TYPE4", "unregister backend", "PGSQL_CB_UNREGISTER_BACKEND_TYPE6", "unregister backend", NULL diff --git a/src/hooks/dhcp/pgsql/pgsql_cb_messages.h b/src/hooks/dhcp/pgsql/pgsql_cb_messages.h index 9a301e6445..a594d8aafa 100644 --- a/src/hooks/dhcp/pgsql/pgsql_cb_messages.h +++ b/src/hooks/dhcp/pgsql/pgsql_cb_messages.h @@ -185,7 +185,6 @@ extern const isc::log::MessageID PGSQL_CB_GET_SUBNET6_BY_PREFIX; extern const isc::log::MessageID PGSQL_CB_GET_SUBNET6_BY_SUBNET_ID; extern const isc::log::MessageID PGSQL_CB_GET_TYPE4; extern const isc::log::MessageID PGSQL_CB_GET_TYPE6; -extern const isc::log::MessageID PGSQL_CB_NO_TLS_SUPPORT; extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED4; extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_FAILED6; extern const isc::log::MessageID PGSQL_CB_RECONNECT_ATTEMPT_SCHEDULE4; @@ -194,7 +193,6 @@ extern const isc::log::MessageID PGSQL_CB_RECONNECT_FAILED4; extern const isc::log::MessageID PGSQL_CB_RECONNECT_FAILED6; extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE4; extern const isc::log::MessageID PGSQL_CB_REGISTER_BACKEND_TYPE6; -extern const isc::log::MessageID PGSQL_CB_TLS_SUPPORT; extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE4; extern const isc::log::MessageID PGSQL_CB_UNREGISTER_BACKEND_TYPE6; diff --git a/src/hooks/dhcp/pgsql/pgsql_cb_messages.mes b/src/hooks/dhcp/pgsql/pgsql_cb_messages.mes index ac324d746b..4f86c944e1 100644 --- a/src/hooks/dhcp/pgsql/pgsql_cb_messages.mes +++ b/src/hooks/dhcp/pgsql/pgsql_cb_messages.mes @@ -720,11 +720,6 @@ Debug message issued when triggered an action to retrieve type Logged at debug log level 40. Debug message issued when triggered an action to retrieve type -% PGSQL_CB_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1 -This error message is printed when TLS support was required in the Kea -configuration: Kea was built with this feature disabled for PostgreSQL. -The parameters of the connection are logged. - % PGSQL_CB_RECONNECT_ATTEMPT_FAILED4 database reconnect failed: %1 Error message issued when an attempt to reconnect has failed. @@ -757,12 +752,6 @@ Debug message issued when triggered an action to register backend Logged at debug log level 40. Debug message issued when triggered an action to register backend -% PGSQL_CB_TLS_SUPPORT Attempt to configure TLS: %1 -This informational message is printed when TLS support was required in -the Kea configuration: The TLS support in PostgreSQL will be initialized but -its configuration is fully managed outside the C API. -The parameters of the connection are logged. - % PGSQL_CB_UNREGISTER_BACKEND_TYPE4 unregister backend Logged at debug log level 40. Debug message issued when triggered an action to unregister backend diff --git a/src/hooks/dhcp/pgsql/pgsql_fb_messages.cc b/src/hooks/dhcp/pgsql/pgsql_fb_messages.cc index 214799d775..fe25c2b194 100644 --- a/src/hooks/dhcp/pgsql/pgsql_fb_messages.cc +++ b/src/hooks/dhcp/pgsql/pgsql_fb_messages.cc @@ -16,10 +16,8 @@ extern const isc::log::MessageID LEGAL_LOG_PGSQL_FATAL_ERROR = "LEGAL_LOG_PGSQL_ extern const isc::log::MessageID LEGAL_LOG_PGSQL_GET_VERSION = "LEGAL_LOG_PGSQL_GET_VERSION"; extern const isc::log::MessageID LEGAL_LOG_PGSQL_INSERT_LOG = "LEGAL_LOG_PGSQL_INSERT_LOG"; extern const isc::log::MessageID LEGAL_LOG_PGSQL_INVALID_ACCESS = "LEGAL_LOG_PGSQL_INVALID_ACCESS"; -extern const isc::log::MessageID LEGAL_LOG_PGSQL_NO_TLS_SUPPORT = "LEGAL_LOG_PGSQL_NO_TLS_SUPPORT"; extern const isc::log::MessageID LEGAL_LOG_PGSQL_ROLLBACK = "LEGAL_LOG_PGSQL_ROLLBACK"; extern const isc::log::MessageID LEGAL_LOG_PGSQL_START_TRANSACTION = "LEGAL_LOG_PGSQL_START_TRANSACTION"; -extern const isc::log::MessageID LEGAL_LOG_PGSQL_TLS_SUPPORT = "LEGAL_LOG_PGSQL_TLS_SUPPORT"; extern const isc::log::MessageID PGSQL_FB_DB = "PGSQL_FB_DB"; } // namespace dhcp @@ -37,10 +35,8 @@ const char* values[] = { "LEGAL_LOG_PGSQL_GET_VERSION", "obtaining schema version information", "LEGAL_LOG_PGSQL_INSERT_LOG", "Adding a log entry to the database: %1", "LEGAL_LOG_PGSQL_INVALID_ACCESS", "invalid database access string: %1", - "LEGAL_LOG_PGSQL_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1", "LEGAL_LOG_PGSQL_ROLLBACK", "rolling back PostgreSQL database", "LEGAL_LOG_PGSQL_START_TRANSACTION", "starting a new PostgreSQL transaction", - "LEGAL_LOG_PGSQL_TLS_SUPPORT", "Attempt to configure TLS: %1", "PGSQL_FB_DB", "opening PostgreSQL log database: %1", NULL }; diff --git a/src/hooks/dhcp/pgsql/pgsql_fb_messages.h b/src/hooks/dhcp/pgsql/pgsql_fb_messages.h index 13893b4191..871a01fa5c 100644 --- a/src/hooks/dhcp/pgsql/pgsql_fb_messages.h +++ b/src/hooks/dhcp/pgsql/pgsql_fb_messages.h @@ -17,10 +17,8 @@ extern const isc::log::MessageID LEGAL_LOG_PGSQL_FATAL_ERROR; extern const isc::log::MessageID LEGAL_LOG_PGSQL_GET_VERSION; extern const isc::log::MessageID LEGAL_LOG_PGSQL_INSERT_LOG; extern const isc::log::MessageID LEGAL_LOG_PGSQL_INVALID_ACCESS; -extern const isc::log::MessageID LEGAL_LOG_PGSQL_NO_TLS_SUPPORT; extern const isc::log::MessageID LEGAL_LOG_PGSQL_ROLLBACK; extern const isc::log::MessageID LEGAL_LOG_PGSQL_START_TRANSACTION; -extern const isc::log::MessageID LEGAL_LOG_PGSQL_TLS_SUPPORT; extern const isc::log::MessageID PGSQL_FB_DB; } // namespace dhcp diff --git a/src/hooks/dhcp/pgsql/pgsql_fb_messages.mes b/src/hooks/dhcp/pgsql/pgsql_fb_messages.mes index b7f5ee8592..1f687b7080 100644 --- a/src/hooks/dhcp/pgsql/pgsql_fb_messages.mes +++ b/src/hooks/dhcp/pgsql/pgsql_fb_messages.mes @@ -50,11 +50,6 @@ and the attempt ended in error. The access string in question - which should be of the form 'keyword=value keyword=value...' is included in the message. -% LEGAL_LOG_PGSQL_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1 -This error message is printed when TLS support was required in the Kea -configuration: Kea was built with this feature disabled for PostgreSQL. -The parameters of the connection are logged. - % LEGAL_LOG_PGSQL_ROLLBACK rolling back PostgreSQL database The code has issued a rollback call. All outstanding transaction will be rolled back and not committed to the database. @@ -68,12 +63,6 @@ inserted into multiple tables with multiple INSERT statements and there may be a need to rollback the whole transaction if any of these INSERT statements fail. -% LEGAL_LOG_PGSQL_TLS_SUPPORT Attempt to configure TLS: %1 -This informational message is printed when TLS support was required in -the Kea configuration: The TLS support in PostgreSQL will be initialized but -its configuration is fully managed outside the C API. -The parameters of the connection are logged. - % PGSQL_FB_DB opening PostgreSQL log database: %1 This informational message is logged when a legal log hook library is about to open a PostgreSQL log database. The parameters of the diff --git a/src/hooks/dhcp/pgsql/pgsql_hb_messages.cc b/src/hooks/dhcp/pgsql/pgsql_hb_messages.cc index 98dbb2a414..ffd427e5c2 100644 --- a/src/hooks/dhcp/pgsql/pgsql_hb_messages.cc +++ b/src/hooks/dhcp/pgsql/pgsql_hb_messages.cc @@ -13,8 +13,6 @@ extern const isc::log::MessageID PGSQL_HB_DB_READONLY = "PGSQL_HB_DB_READONLY"; extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED = "PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED"; extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE = "PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE"; extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_FAILED = "PGSQL_HB_DB_RECONNECT_FAILED"; -extern const isc::log::MessageID PGSQL_HB_NO_TLS_SUPPORT = "PGSQL_HB_NO_TLS_SUPPORT"; -extern const isc::log::MessageID PGSQL_HB_TLS_SUPPORT = "PGSQL_HB_TLS_SUPPORT"; } // namespace dhcp } // namespace isc @@ -28,8 +26,6 @@ const char* values[] = { "PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED", "database reconnect failed: %1", "PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE", "scheduling attempt %1 of %2 in %3 milliseconds", "PGSQL_HB_DB_RECONNECT_FAILED", "maximum number of database reconnect attempts: %1, has been exhausted without success", - "PGSQL_HB_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1", - "PGSQL_HB_TLS_SUPPORT", "Attempt to configure TLS: %1", NULL }; diff --git a/src/hooks/dhcp/pgsql/pgsql_hb_messages.h b/src/hooks/dhcp/pgsql/pgsql_hb_messages.h index ba403b4b3f..8f3ea8c963 100644 --- a/src/hooks/dhcp/pgsql/pgsql_hb_messages.h +++ b/src/hooks/dhcp/pgsql/pgsql_hb_messages.h @@ -14,8 +14,6 @@ extern const isc::log::MessageID PGSQL_HB_DB_READONLY; extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_FAILED; extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_ATTEMPT_SCHEDULE; extern const isc::log::MessageID PGSQL_HB_DB_RECONNECT_FAILED; -extern const isc::log::MessageID PGSQL_HB_NO_TLS_SUPPORT; -extern const isc::log::MessageID PGSQL_HB_TLS_SUPPORT; } // namespace dhcp } // namespace isc diff --git a/src/hooks/dhcp/pgsql/pgsql_hb_messages.mes b/src/hooks/dhcp/pgsql/pgsql_hb_messages.mes index e9ac3d75d3..054dadbf11 100644 --- a/src/hooks/dhcp/pgsql/pgsql_hb_messages.mes +++ b/src/hooks/dhcp/pgsql/pgsql_hb_messages.mes @@ -1,4 +1,4 @@ -# Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2024-2025 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -34,14 +34,3 @@ is attempting to reconnect automatically. % PGSQL_HB_DB_RECONNECT_FAILED maximum number of database reconnect attempts: %1, has been exhausted without success An error message issued when the server failed to reconnect. Loss of connectivity is typically a network or database server issue. - -% PGSQL_HB_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1 -This error message is printed when TLS support was required in the Kea -configuration: Kea was built with this feature disabled for PostgreSQL. -The parameters of the connection are logged. - -% PGSQL_HB_TLS_SUPPORT Attempt to configure TLS: %1 -This informational message is printed when TLS support was required in -the Kea configuration: The TLS support in PostgreSQL will be initialized but -its configuration is fully managed outside the C API. -The parameters of the connection are logged. diff --git a/src/hooks/dhcp/pgsql/pgsql_host_data_source.cc b/src/hooks/dhcp/pgsql/pgsql_host_data_source.cc index 491c13edc5..6995bc70c1 100644 --- a/src/hooks/dhcp/pgsql/pgsql_host_data_source.cc +++ b/src/hooks/dhcp/pgsql/pgsql_host_data_source.cc @@ -2322,21 +2322,6 @@ PgSqlHostDataSourceImpl::PgSqlHostDataSourceImpl(const DatabaseConnection::Param tls += parameters.count("cert-file"); tls += parameters.count("key-file"); tls += parameters.count("cipher-list"); -#ifdef HAVE_PGSQL_SSL - if ((tls > 0) && !PgSqlConnection::warned_about_tls) { - PgSqlConnection::warned_about_tls = true; - LOG_INFO(pgsql_hb_logger, PGSQL_HB_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters_)); - PQinitSSL(1); - } -#else - if (tls > 0) { - LOG_ERROR(pgsql_hb_logger, PGSQL_HB_NO_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters_)); - isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL " - << "backend (built with this feature disabled)"); - } -#endif // Create unique timer name per instance. timer_name_ = "PgSqlHostMgr["; diff --git a/src/hooks/dhcp/pgsql/pgsql_lb_messages.cc b/src/hooks/dhcp/pgsql/pgsql_lb_messages.cc index b6af53fcf7..8bcbad8df9 100644 --- a/src/hooks/dhcp/pgsql/pgsql_lb_messages.cc +++ b/src/hooks/dhcp/pgsql/pgsql_lb_messages.cc @@ -46,9 +46,7 @@ extern const isc::log::MessageID PGSQL_LB_GET_SUBID_HWADDR = "PGSQL_LB_GET_SUBID extern const isc::log::MessageID PGSQL_LB_GET_SUBID_PAGE6 = "PGSQL_LB_GET_SUBID_PAGE6"; extern const isc::log::MessageID PGSQL_LB_GET_VERSION = "PGSQL_LB_GET_VERSION"; extern const isc::log::MessageID PGSQL_LB_NEGATIVE_LEASES_STAT = "PGSQL_LB_NEGATIVE_LEASES_STAT"; -extern const isc::log::MessageID PGSQL_LB_NO_TLS_SUPPORT = "PGSQL_LB_NO_TLS_SUPPORT"; extern const isc::log::MessageID PGSQL_LB_ROLLBACK = "PGSQL_LB_ROLLBACK"; -extern const isc::log::MessageID PGSQL_LB_TLS_SUPPORT = "PGSQL_LB_TLS_SUPPORT"; extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR4 = "PGSQL_LB_UPDATE_ADDR4"; extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR6 = "PGSQL_LB_UPDATE_ADDR6"; extern const isc::log::MessageID PGSQL_LB_UPGRADE_EXTENDED_INFO4 = "PGSQL_LB_UPGRADE_EXTENDED_INFO4"; @@ -103,9 +101,7 @@ const char* values[] = { "PGSQL_LB_GET_SUBID_PAGE6", "obtaining at most %1 IPv6 leases starting from address %2 for subnet ID %3", "PGSQL_LB_GET_VERSION", "obtaining schema version information", "PGSQL_LB_NEGATIVE_LEASES_STAT", "recount of leases returned a negative value", - "PGSQL_LB_NO_TLS_SUPPORT", "Attempt to configure TLS (unsupported for PostgreSQL): %1", "PGSQL_LB_ROLLBACK", "rolling back PostgreSQL database", - "PGSQL_LB_TLS_SUPPORT", "Attempt to configure TLS: %1", "PGSQL_LB_UPDATE_ADDR4", "updating IPv4 lease for address %1", "PGSQL_LB_UPDATE_ADDR6", "updating IPv6 lease for address %1, lease type %2", "PGSQL_LB_UPGRADE_EXTENDED_INFO4", "upgrading IPv4 leases done in %1 pages with %2 updated leases", diff --git a/src/hooks/dhcp/pgsql/pgsql_lb_messages.h b/src/hooks/dhcp/pgsql/pgsql_lb_messages.h index fc9ae19030..b208c33de9 100644 --- a/src/hooks/dhcp/pgsql/pgsql_lb_messages.h +++ b/src/hooks/dhcp/pgsql/pgsql_lb_messages.h @@ -47,9 +47,7 @@ extern const isc::log::MessageID PGSQL_LB_GET_SUBID_HWADDR; extern const isc::log::MessageID PGSQL_LB_GET_SUBID_PAGE6; extern const isc::log::MessageID PGSQL_LB_GET_VERSION; extern const isc::log::MessageID PGSQL_LB_NEGATIVE_LEASES_STAT; -extern const isc::log::MessageID PGSQL_LB_NO_TLS_SUPPORT; extern const isc::log::MessageID PGSQL_LB_ROLLBACK; -extern const isc::log::MessageID PGSQL_LB_TLS_SUPPORT; extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR4; extern const isc::log::MessageID PGSQL_LB_UPDATE_ADDR6; extern const isc::log::MessageID PGSQL_LB_UPGRADE_EXTENDED_INFO4; diff --git a/src/hooks/dhcp/pgsql/pgsql_lb_messages.mes b/src/hooks/dhcp/pgsql/pgsql_lb_messages.mes index fd97bf14b5..ecacaf3146 100644 --- a/src/hooks/dhcp/pgsql/pgsql_lb_messages.mes +++ b/src/hooks/dhcp/pgsql/pgsql_lb_messages.mes @@ -1,4 +1,4 @@ -# Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2024-2025 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -216,22 +216,11 @@ in the PostgreSQL database returned a negative value. This shows a problem which can be fixed only by an offline direct recount on the database. This message is issued only once. -% PGSQL_LB_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1 -This error message is printed when TLS support was required in the Kea -configuration: Kea was built with this feature disabled for PostgreSQL. -The parameters of the connection are logged. - % PGSQL_LB_ROLLBACK rolling back PostgreSQL database Logged at debug log level 50. The code has issued a rollback call. All outstanding transaction will be rolled back and not committed to the database. -% PGSQL_LB_TLS_SUPPORT Attempt to configure TLS: %1 -This informational message is printed when TLS support was required in -the Kea configuration: The TLS support in PostgreSQL will be initialized but -its configuration is fully managed outside the C API. -The parameters of the connection are logged. - % PGSQL_LB_UPDATE_ADDR4 updating IPv4 lease for address %1 Logged at debug log level 50. A debug message issued when the server is attempting to update IPv4 diff --git a/src/hooks/dhcp/pgsql/pgsql_lease_mgr.cc b/src/hooks/dhcp/pgsql/pgsql_lease_mgr.cc index fe57525607..9d0884eafe 100644 --- a/src/hooks/dhcp/pgsql/pgsql_lease_mgr.cc +++ b/src/hooks/dhcp/pgsql/pgsql_lease_mgr.cc @@ -1625,21 +1625,6 @@ PgSqlLeaseMgr::PgSqlLeaseMgr(const DatabaseConnection::ParameterMap& parameters) tls += parameters.count("cert-file"); tls += parameters.count("key-file"); tls += parameters.count("cipher-list"); -#ifdef HAVE_PGSQL_SSL - if ((tls > 0) && !PgSqlConnection::warned_about_tls) { - PgSqlConnection::warned_about_tls = true; - LOG_INFO(pgsql_lb_logger, PGSQL_LB_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters_)); - PQinitSSL(1); - } -#else - if (tls > 0) { - LOG_ERROR(pgsql_lb_logger, PGSQL_LB_NO_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters_)); - isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL " - << "backend (built with this feature disabled)"); - } -#endif // Create unique timer name per instance. timer_name_ = "PgSqlLeaseMgr["; diff --git a/src/hooks/dhcp/pgsql/pgsql_legal_log.cc b/src/hooks/dhcp/pgsql/pgsql_legal_log.cc index 49a8a52391..a1599a1992 100644 --- a/src/hooks/dhcp/pgsql/pgsql_legal_log.cc +++ b/src/hooks/dhcp/pgsql/pgsql_legal_log.cc @@ -187,21 +187,6 @@ void PgSqlStore::open() { tls += parameters.count("cert-file"); tls += parameters.count("key-file"); tls += parameters.count("cipher-list"); -#ifdef HAVE_PGSQL_SSL - if ((tls > 0) && !PgSqlConnection::warned_about_tls) { - PgSqlConnection::warned_about_tls = true; - LOG_INFO(pgsql_fb_logger, LEGAL_LOG_PGSQL_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters)); - PQinitSSL(1); - } -#else - if (tls > 0) { - LOG_ERROR(pgsql_fb_logger, LEGAL_LOG_PGSQL_NO_TLS_SUPPORT) - .arg(DatabaseConnection::redactedAccessString(parameters)); - isc_throw(DbOpenError, "Attempt to configure TLS for PostgreSQL " - << "backend (built with this feature disabled)"); - } -#endif // Test schema version first. pair code_version(PGSQL_SCHEMA_VERSION_MAJOR, diff --git a/src/hooks/dhcp/pgsql/tests/pgsql_host_data_source_unittest.cc b/src/hooks/dhcp/pgsql/tests/pgsql_host_data_source_unittest.cc index 1947537532..74ab4f044d 100644 --- a/src/hooks/dhcp/pgsql/tests/pgsql_host_data_source_unittest.cc +++ b/src/hooks/dhcp/pgsql/tests/pgsql_host_data_source_unittest.cc @@ -245,15 +245,9 @@ TEST(PgSqlHostDataSource, OpenDatabase) { NoDatabaseName); // Check for SSL/TLS support. -#ifdef HAVE_PGSQL_SSL EXPECT_NO_THROW(HostMgr::addBackend(connectionString( PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD, 0, 0, 0, 0, VALID_CA))); -#else - EXPECT_THROW(HostMgr::addBackend(connectionString( - PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD, - 0, 0, 0, 0, VALID_CA)), DbOpenError); -#endif // Tidy up after the test destroyPgSQLSchema(); diff --git a/src/hooks/dhcp/pgsql/tests/pgsql_lease_mgr_unittest.cc b/src/hooks/dhcp/pgsql/tests/pgsql_lease_mgr_unittest.cc index a1b91860a1..801ab2c82d 100644 --- a/src/hooks/dhcp/pgsql/tests/pgsql_lease_mgr_unittest.cc +++ b/src/hooks/dhcp/pgsql/tests/pgsql_lease_mgr_unittest.cc @@ -210,15 +210,9 @@ TEST(PgSqlOpenTest, OpenDatabase) { NoDatabaseName); // Check for SSL/TLS support. -#ifdef HAVE_PGSQL_SSL EXPECT_NO_THROW(LeaseMgrFactory::create(connectionString( PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD, 0, 0, 0, 0, VALID_CA))); -#else - EXPECT_THROW(LeaseMgrFactory::create(connectionString( - PGSQL_VALID_TYPE, VALID_NAME, VALID_HOST, VALID_USER, VALID_PASSWORD, - 0, 0, 0, 0, VALID_CA)), DbOpenError); -#endif // Check for extended info tables. const char* EX_INFO = "extended-info-tables=true";