Only check server SSL certificate if requested
Fix #30075
m-kuhn committed Jun 4, 2019
1 parent 8b83a46 commit 41650fc
Showing 1 changed file with 18 additions and 8 deletions.
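--- a/src/auth/basic/qgsauthbasicmethod.cpp
+++ b/src/auth/basic/qgsauthbasicmethod.cpp
@@ -105,18 +105,28 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
 return false;
 }
 
+QString sslMode = QStringLiteral( "prefer" );
+int sslModeIdx = connectionItems.indexOf( QRegExp( "^sslmode='.*" ) );
+if ( sslModeIdx != -1 )
+{
+sslMode = connectionItems.at( sslModeIdx ).split( '=' ).at( 1 );
+}
+
 // SSL Extra CAs
 QString caparam;
 QList<QSslCertificate> cas;
-cas = QgsApplication::authManager()->trustedCaCerts();
-// save CAs to temp file
-QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
-QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
-tempFileBase.arg( QUuid::createUuid().toString() ),
-QgsAuthCertUtils::certsToPemText( cas ) );
-if ( ! caFilePath.isEmpty() )
+if ( sslMode.startsWith( QStringLiteral( "verify-" ) ) )
 {
-caparam = "sslrootcert='" + caFilePath + "'";
+cas = QgsApplication::authManager()->trustedCaCerts();
+// save CAs to temp file
+QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
+QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
+tempFileBase.arg( QUuid::createUuid().toString() ),
+QgsAuthCertUtils::certsToPemText( cas ) );
+if ( ! caFilePath.isEmpty() )
+{
+caparam = "sslrootcert='" + caFilePath + "'";
+}
 }
 
 // Branch for OGR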
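Review bot: The `verify-` branch looks unreachable as written: the lookup pattern `^sslmode='.*` only matches an item whose value opens with a single quote, and `split( '=' ).at( 1 )` keeps that quote, so `sslMode` is either still `prefer` (unquoted item, no match) or begins with `'` and `startsWith( "verify-" )` is false. If so, `sslrootcert` is never appended, and a connection that asks for `verify-ca` or `verify-full` does not get the trusted CAs from the auth manager, which presumably leaves libpq to its default root file. Match the key with or without quoting and strip the quotes before the comparison, e.g. `connectionItems.indexOf( QRegExp( "^sslmode=.*" ) )` and `sslMode = connectionItems.at( sslModeIdx ).section( '=', 1 ).remove( '\'' );`. The body of `updateDataSourceUriItems` starts and ends outside this hunk, so how callers quote `sslmode` should be confirmed there.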
