Bug report #17392
Additional Certification Authorities are ignored when connecting to postgis with SSL
|Affected QGIS version:||master||Regression?:||No|
|Operating System:||Easy fix?:||Yes|
|Pull Request or Patch supplied:||No||Resolution:|
|Crashes QGIS or corrupts data:||No||Copied to github as #:||25289|
See attached failing test.
When connecting to PG the provider does not add trusted CAs to the connection and ignores the QGIS certificate manager altogether.
This issue does not arise with PKI-based auth methods because they do add trusted CAs to the connection.
Proposed implementation: PG provider should add trusted CAs to the connection even if/when no authentication method is used, a check on the SSL-mode connection configuration can probably be used to determine if the trusted CAs must be added (i.e. always add unless == 'disable').
As an alternative, a checkbox to add add trusted CAs to the connection could be added to PG configuration dialog.
Any other providers that do not use QgsNetworkAccessManager should be checked for the same issue.