@@ -102,6 +102,20 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
102
102
return false ;
103
103
}
104
104
105
+ // SSL Extra CAs
106
+ QString caparam;
107
+ QList<QSslCertificate> cas;
108
+ cas = QgsApplication::authManager ()->trustedCaCerts ();
109
+ // save CAs to temp file
110
+ QString tempFileBase = QStringLiteral ( " tmp_basic_%1.pem" );
111
+ QString caFilePath = QgsAuthCertUtils::pemTextToTempFile (
112
+ tempFileBase.arg ( QUuid::createUuid ().toString () ),
113
+ QgsAuthCertUtils::certsToPemText ( cas ) );
114
+ if ( ! caFilePath.isEmpty () )
115
+ {
116
+ QString caparam = " sslrootcert='" + caFilePath + " '" ;
117
+ }
118
+
105
119
// Branch for OGR
106
120
if ( dataprovider == QStringLiteral ( " ogr" ) )
107
121
{
@@ -127,6 +141,11 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
127
141
if ( !password.isEmpty () )
128
142
uri += QStringLiteral ( " password='%1'" ).arg ( password );
129
143
}
144
+ // add extra CAs
145
+ if ( ! caparam.isEmpty () )
146
+ {
147
+ uri += ' ' + caparam;
148
+ }
130
149
}
131
150
else if ( uri.startsWith ( QStringLiteral ( " SDE:" ) ) )
132
151
{
@@ -226,9 +245,23 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
226
245
{
227
246
connectionItems.append ( passparam );
228
247
}
248
+ // add extra CAs
249
+ if ( ! caparam.isEmpty () )
250
+ {
251
+ int sslcaindx = connectionItems.indexOf ( QRegExp ( " ^sslrootcert='.*" ) );
252
+ if ( sslcaindx != -1 )
253
+ {
254
+ connectionItems.replace ( sslcaindx, caparam );
255
+ }
256
+ else
257
+ {
258
+ connectionItems.append ( caparam );
259
+ }
260
+ }
229
261
}
230
262
231
- return true ;
263
+
264
+ return true ;
232
265
}
233
266
234
267
bool QgsAuthBasicMethod::updateNetworkProxy ( QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider )
0 commit comments