[bugfix][auth] Basic method uses trusted CAs when connecting to DB

Fixes #17392 Backport of Basic auth CAs fix from master
qgis · Nov 3, 2017 · 3fab14040b6a5b6b72c1e9db0212369528c59963 · 3fab140
1 parent 08889c7
commit 3fab14040b6a5b6b72c1e9db0212369528c59963
Unified Split

Showing with 21 additions and 0 deletions.

+21 −0 src/auth/basic/qgsauthbasicmethod.cpp
diff --git a/src/auth/basic/qgsauthbasicmethod.cpp b/src/auth/basic/qgsauthbasicmethod.cpp
@@ -22,6 +22,7 @@
 
 #include <QNetworkProxy>
 #include <QMutexLocker>
+#include <QUuid>
 
 static const QString AUTH_METHOD_KEY = "Basic";
 static const QString AUTH_METHOD_DESCRIPTION = "Basic authentication";
@@ -126,6 +127,26 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
     connectionItems.append( passparam );
   }
 
+  // add extra CAs
+  // save CAs to temp file
+  QString tempFileBase = QLatin1String( "tmp_basic_%1.pem" );
+  QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
+                         tempFileBase.arg( QUuid::createUuid().toString() ),
+                         QgsAuthManager::instance()->getTrustedCaCertsPemText( ) );
+  if ( ! caFilePath.isEmpty() )
+  {
+    QString caparam = "sslrootcert='" + caFilePath + "'";
+    int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
+    if ( sslcaindx != -1 )
+    {
+      connectionItems.replace( sslcaindx, caparam );
+    }
+    else
+    {
+      connectionItems.append( caparam );
+    }
+  }
+
   return true;
 }