Bug report #17392

Additional Certification Authorities are ignored when connecting to postgis with SSL

Added by Alessandro Pasotti over 2 years ago. Updated over 2 years ago.

Status:Closed
Priority:High
Assignee:Alessandro Pasotti
Category:Authentication system
Affected QGIS version:master Regression?:No
Operating System: Easy fix?:Yes
Pull Request or Patch supplied:No Resolution:
Crashes QGIS or corrupts data:No Copied to github as #:25289

Description

See attached failing test.

When connecting to PG the provider does not add trusted CAs to the connection and ignores the QGIS certificate manager altogether.

This issue does not arise with PKI-based auth methods because they do add trusted CAs to the connection.

Proposed implementation: PG provider should add trusted CAs to the connection even if/when no authentication method is used, a check on the SSL-mode connection configuration can probably be used to determine if the trusted CAs must be added (i.e. always add unless == 'disable').
As an alternative, a checkbox to add add trusted CAs to the connection could be added to PG configuration dialog.

Any other providers that do not use QgsNetworkAccessManager should be checked for the same issue.

test_authmanager_password_postgres.py Magnifier (8.47 KB) Alessandro Pasotti, 2017-11-03 10:51 AM

Associated revisions

Revision 73fec4ad
Added by Alessandro Pasotti over 2 years ago

[bugfix][auth] Basic method uses trusted CAs when connecting to DB

Fixes #17392

Revision 3fab1404
Added by Alessandro Pasotti over 2 years ago

[bugfix][auth] Basic method uses trusted CAs when connecting to DB

Fixes #17392

Backport of Basic auth CAs fix from master

History

#1 Updated by Anonymous over 2 years ago

  • % Done changed from 0 to 100
  • Status changed from Open to Closed

#2 Updated by Luigi Pirelli over 2 years ago

I'll backport to 2.18

Also available in: Atom PDF