From 31e43a9869cc0cfaf27d8a9981257d8ebaee0d0d Mon Sep 17 00:00:00 2001 From: "Juergen E. Fischer" Date: Thu, 25 Feb 2016 20:58:02 +0100 Subject: [PATCH] postgres provider: add support for verify-ca and verify-full ssl modes --- python/core/qgsdatasourceuri.sip | 2 +- src/core/qgsdatasourceuri.cpp | 10 +++++++++- src/core/qgsdatasourceuri.h | 2 +- src/providers/postgres/qgspgnewconnection.cpp | 2 ++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/python/core/qgsdatasourceuri.sip b/python/core/qgsdatasourceuri.sip index 4a13a2e12f4c..94120057c74f 100644 --- a/python/core/qgsdatasourceuri.sip +++ b/python/core/qgsdatasourceuri.sip @@ -14,7 +14,7 @@ class QgsDataSourceURI %End public: - enum SSLmode { SSLprefer, SSLdisable, SSLallow, SSLrequire }; + enum SSLmode { SSLprefer, SSLdisable, SSLallow, SSLrequire, SSLverifyCA }; //! default constructor QgsDataSourceURI(); diff --git a/src/core/qgsdatasourceuri.cpp b/src/core/qgsdatasourceuri.cpp index 6e187ca757f1..828659e83831 100644 --- a/src/core/qgsdatasourceuri.cpp +++ b/src/core/qgsdatasourceuri.cpp @@ -199,6 +199,10 @@ QgsDataSourceURI::QgsDataSourceURI( QString uri ) mSSLmode = SSLprefer; else if ( pval == "require" ) mSSLmode = SSLrequire; + else if ( pval == "verify-ca" ) + mSSLmode = SSLverifyCA; + else if ( pval == "verify-full" ) + mSSLmode = SSLverifyFull; } else if ( pname == "requiressl" ) { @@ -499,9 +503,13 @@ QString QgsDataSourceURI::connectionInfo( bool expandAuthConfig ) const else if ( mSSLmode == SSLrequire ) connectionItems << "sslmode=require"; #if 0 - else if ( mSSLmode == SSLprefer ) + else if ( mSSLmode == SSLprefer ) // no need to output the default connectionItems << "sslmode=prefer"; #endif + else if ( mSSLmode == SSLverifyCA ) + connectionItems << "sslmode=verify-ca"; + else if ( mSSLmode == SSLverifyFull ) + connectionItems << "sslmode=verify-full"; if ( !mAuthConfigId.isEmpty() ) { diff --git a/src/core/qgsdatasourceuri.h b/src/core/qgsdatasourceuri.h index 850791e8202f..cf9c4a9e94f1 100644 --- a/src/core/qgsdatasourceuri.h +++ b/src/core/qgsdatasourceuri.h @@ -35,7 +35,7 @@ class CORE_EXPORT QgsDataSourceURI { public: - enum SSLmode { SSLprefer, SSLdisable, SSLallow, SSLrequire }; + enum SSLmode { SSLprefer, SSLdisable, SSLallow, SSLrequire, SSLverifyCA, SSLverifyFull }; //! default constructor QgsDataSourceURI(); diff --git a/src/providers/postgres/qgspgnewconnection.cpp b/src/providers/postgres/qgspgnewconnection.cpp index 04b8aa2e3aea..4f7f2c88c6fb 100644 --- a/src/providers/postgres/qgspgnewconnection.cpp +++ b/src/providers/postgres/qgspgnewconnection.cpp @@ -35,6 +35,8 @@ QgsPgNewConnection::QgsPgNewConnection( QWidget *parent, const QString& connName cbxSSLmode->addItem( tr( "allow" ), QgsDataSourceURI::SSLallow ); cbxSSLmode->addItem( tr( "prefer" ), QgsDataSourceURI::SSLprefer ); cbxSSLmode->addItem( tr( "require" ), QgsDataSourceURI::SSLrequire ); + cbxSSLmode->addItem( tr( "verify-ca" ), QgsDataSourceURI::SSLverifyCA ); + cbxSSLmode->addItem( tr( "verify-full" ), QgsDataSourceURI::SSLverifyFull ); mAuthConfigSelect = new QgsAuthConfigSelect( this, "postgres" ); tabAuthentication->insertTab( 1, mAuthConfigSelect, tr( "Configurations" ) );