Skip to content
Permalink
Browse files

Merge pull request #5524 from boundlessgeo/basic_cas_backport

[bugfix][auth] Basic method uses trusted CAs when connecting to DB
  • Loading branch information
elpaso committed Nov 3, 2017
2 parents 08889c7 + 3fab140 commit 92ce3be3e815963eed053d1555cc4ded713ec254
Showing with 21 additions and 0 deletions.
  1. +21 −0 src/auth/basic/qgsauthbasicmethod.cpp
@@ -22,6 +22,7 @@

#include <QNetworkProxy>
#include <QMutexLocker>
#include <QUuid>

static const QString AUTH_METHOD_KEY = "Basic";
static const QString AUTH_METHOD_DESCRIPTION = "Basic authentication";
@@ -126,6 +127,26 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
connectionItems.append( passparam );
}

// add extra CAs
// save CAs to temp file
QString tempFileBase = QLatin1String( "tmp_basic_%1.pem" );
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthManager::instance()->getTrustedCaCertsPemText( ) );
if ( ! caFilePath.isEmpty() )
{
QString caparam = "sslrootcert='" + caFilePath + "'";
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
if ( sslcaindx != -1 )
{
connectionItems.replace( sslcaindx, caparam );
}
else
{
connectionItems.append( caparam );
}
}

return true;
}

0 comments on commit 92ce3be

Please sign in to comment.
You can’t perform that action at this time.