Bug report #17392
Additional Certification Authorities are ignored when connecting to postgis with SSL
| Status: | Closed | ||
|---|---|---|---|
| Priority: | High | ||
| Assignee: |  Alessandro Pasotti | ||
| Category: | Authentication system | ||
| Affected QGIS version: | master | Regression?: | No |
| Operating System: | Easy fix?: | Yes | |
| Pull Request or Patch supplied: | No | Resolution: | |
| Crashes QGIS or corrupts data: | No | Copied to github as #: | 25289 |
Description
See attached failing test.
When connecting to PG the provider does not add trusted CAs to the connection and ignores the QGIS certificate manager altogether.
This issue does not arise with PKI-based auth methods because they do add trusted CAs to the connection.
Proposed implementation: PG provider should add trusted CAs to the connection even if/when no authentication method is used, a check on the SSL-mode connection configuration can probably be used to determine if the trusted CAs must be added (i.e. always add unless == 'disable').
As an alternative, a checkbox to add add trusted CAs to the connection could be added to PG configuration dialog.
Any other providers that do not use QgsNetworkAccessManager should be checked for the same issue.
test_authmanager_password_postgres.py 
(8.47 KB)
Associated revisions
[bugfix][auth] Basic method uses trusted CAs when connecting to DB
Fixes #17392
[bugfix][auth] Basic method uses trusted CAs when connecting to DB
Fixes #17392
Backport of Basic auth CAs fix from master
History
#1 Updated by Anonymous about 7 years ago
- % Done changed from 0 to 100
- Status changed from Open to Closed
Applied in changeset qgis|73fec4adc7f07b8a7e5acb3758a8eb3e97337c0f.
#2
Updated by Luigi Pirelli about 7 years ago
I'll backport to 2.18