Skip to content
Permalink
Browse files

[bugfix][auth] Basic method uses trusted CAs when connecting to DB

Fixes #17392

Backport of Basic auth CAs fix from master
  • Loading branch information
elpaso committed Nov 3, 2017
1 parent 08889c7 commit 3fab14040b6a5b6b72c1e9db0212369528c59963
Showing with 21 additions and 0 deletions.
  1. +21 −0 src/auth/basic/qgsauthbasicmethod.cpp
@@ -22,6 +22,7 @@

#include <QNetworkProxy>
#include <QMutexLocker>
#include <QUuid>

static const QString AUTH_METHOD_KEY = "Basic";
static const QString AUTH_METHOD_DESCRIPTION = "Basic authentication";
@@ -126,6 +127,26 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
connectionItems.append( passparam );
}

// add extra CAs
// save CAs to temp file
QString tempFileBase = QLatin1String( "tmp_basic_%1.pem" );
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthManager::instance()->getTrustedCaCertsPemText( ) );
if ( ! caFilePath.isEmpty() )
{
QString caparam = "sslrootcert='" + caFilePath + "'";
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
if ( sslcaindx != -1 )
{
connectionItems.replace( sslcaindx, caparam );
}
else
{
connectionItems.append( caparam );
}
}

return true;
}

0 comments on commit 3fab140

Please sign in to comment.
You can’t perform that action at this time.