Skip to content
Permalink
Browse files

[bugfix][auth] Basic method uses trusted CAs when connecting to DB

Fixes #17392
  • Loading branch information
elpaso committed Nov 3, 2017
1 parent 9c5ace0 commit 73fec4adc7f07b8a7e5acb3758a8eb3e97337c0f
Showing with 23 additions and 0 deletions.
  1. +23 −0 src/auth/basic/qgsauthbasicmethod.cpp
@@ -23,6 +23,7 @@

#include <QNetworkProxy>
#include <QMutexLocker>
#include <QUuid>

static const QString AUTH_METHOD_KEY = QStringLiteral( "Basic" );
static const QString AUTH_METHOD_DESCRIPTION = QStringLiteral( "Basic authentication" );
@@ -123,6 +124,28 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
connectionItems.append( passparam );
}

// add extra CAs
QList<QSslCertificate> cas;
cas = QgsApplication::authManager()->trustedCaCerts();
// save CAs to temp file
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );

This comment has been minimized.

Copy link
@luipir

luipir Nov 3, 2017

Contributor

would be possibile to maintain a uniform tempFileBase. In all other auth method is tmppki_{uuid}.pem
e.g. https://github.com/qgis/QGIS/blob/master/src/auth/pkipkcs12/qgsauthpkcs12method.cpp#L138

QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthCertUtils::certsToPemText( cas ) );
if ( ! caFilePath.isEmpty() )
{
QString caparam = "sslrootcert='" + caFilePath + "'";
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
if ( sslcaindx != -1 )
{
connectionItems.replace( sslcaindx, caparam );
}
else
{
connectionItems.append( caparam );
}
}

return true;
}

0 comments on commit 73fec4a

Please sign in to comment.
You can’t perform that action at this time.