
Commit 276bd1b

committed
[auth] Add trusted root CAs to OGR PG connnections
1 parent 2c63671 commit 276bd1b


2 files changed

+35
-2
lines changed


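--- a/src/auth/basic/qgsauthbasicmethod.cpp
+++ b/src/auth/basic/qgsauthbasicmethod.cpp
@@ -102,6 +102,20 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
 return false;
 }
 
+// SSL Extra CAs
+QString caparam;
+QList<QSslCertificate> cas;
+cas = QgsApplication::authManager()->trustedCaCerts();
+// save CAs to temp file
+QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
+QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
+tempFileBase.arg( QUuid::createUuid().toString() ),
+QgsAuthCertUtils::certsToPemText( cas ) );
+if ( ! caFilePath.isEmpty() )
+{
+QString caparam = "sslrootcert='" + caFilePath + "'";
+}
+
 // Branch for OGR
 if ( dataprovider == QStringLiteral( "ogr" ) )
 {
@@ -127,6 +141,11 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
 if ( !password.isEmpty() )
 uri += QStringLiteral( " password='%1'" ).arg( password );
 }
+// add extra CAs
+if ( ! caparam.isEmpty() )
+{
+uri += ' ' + caparam;
+}
 }
 else if ( uri.startsWith( QStringLiteral( "SDE:" ) ) )
 {
@@ -226,9 +245,23 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
 {
 connectionItems.append( passparam );
 }
+// add extra CAs
+if ( ! caparam.isEmpty() )
+{
+int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
+if ( sslcaindx != -1 )
+{
+connectionItems.replace( sslcaindx, caparam );
+}
+else
+{
+connectionItems.append( caparam );
+}
+}
 }
 
-return true;
+
+return true;
 }
 
 bool QgsAuthBasicMethod::updateNetworkProxy( QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider )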
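Review bot: The statement inside `if ( ! caFilePath.isEmpty() )` (new line 116) declares a second `QString caparam` that shadows the one declared at new line 106, so the outer variable stays empty and both later `if ( ! caparam.isEmpty() )` checks (new lines 145 and 249) can never be true. The CA bundle is written to a temp file but `sslrootcert` never reaches the OGR URI or `connectionItems`; drop the type so the line assigns instead: `caparam = "sslrootcert='" + caFilePath + "'";`. Because this fails silently, connections are still opened without the intended trust anchors, so a test asserting that `sslrootcert=` appears in the updated URI would be worth adding alongside the fix. Separately, the PEM file is created on every call before the provider branch, nothing visible in these hunks removes it, and the path is placed between single quotes unescaped; since that file becomes the trust anchor, where and with what permissions `pemTextToTempFile` writes it (not shown here) deserves a check. The function begins above the first hunk.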

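--- a/tests/src/python/CMakeLists.txt
+++ b/tests/src/python/CMakeLists.txt
@@ -215,7 +215,7 @@ IF (ENABLE_PGTEST)
 ADD_PYTHON_TEST(PyQgsVectorLayerTools test_qgsvectorlayertools.py)
 ADD_PYTHON_TEST(PyQgsAuthManagerPKIPostgresTest test_authmanager_pki_postgres.py)
 ADD_PYTHON_TEST(PyQgsAuthManagerPasswordPostgresTest test_authmanager_password_postgres.py)
-ENDIF (ENABLE_PGTEST)
+ENDIF (ENABLE_PGTEST)
 
 IF (ENABLE_MSSQLTEST)
 ADD_PYTHON_TEST(PyQgsMssqlProvider test_provider_mssql.py)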
