Skip to content

Commit 73fec4a

Browse files
elpasoelpaso
committedNov 3, 2017
[bugfix][auth] Basic method uses trusted CAs when connecting to DB
Fixes #17392
·
ltr-3_40final-3_0_0
1 parent 9c5ace0 commit 73fec4a

File tree

1 file changed

+23
-0
lines changed

1 file changed

+23
-0
lines changed
 

‎src/auth/basic/qgsauthbasicmethod.cpp

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@
2323

2424
#include <QNetworkProxy>
2525
#include <QMutexLocker>
26+
#include <QUuid>
2627

2728
static const QString AUTH_METHOD_KEY = QStringLiteral( "Basic" );
2829
static const QString AUTH_METHOD_DESCRIPTION = QStringLiteral( "Basic authentication" );
@@ -123,6 +124,28 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
123124
connectionItems.append( passparam );
124125
}
125126

127+
// add extra CAs
128+
QList<QSslCertificate> cas;
129+
cas = QgsApplication::authManager()->trustedCaCerts();
130+
// save CAs to temp file
131+
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
Code has comments. Press enter to view.
132+
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
133+
tempFileBase.arg( QUuid::createUuid().toString() ),
134+
QgsAuthCertUtils::certsToPemText( cas ) );
135+
if ( ! caFilePath.isEmpty() )
136+
{
137+
QString caparam = "sslrootcert='" + caFilePath + "'";
138+
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
139+
if ( sslcaindx != -1 )
140+
{
141+
connectionItems.replace( sslcaindx, caparam );
142+
}
143+
else
144+
{
145+
connectionItems.append( caparam );
146+
}
147+
}
148+
126149
return true;
127150
}
128151

0 commit comments

Comments
 (0)
Please sign in to comment.