[bugfix][auth] Basic method uses trusted CAs when connecting to DB
Fixes #17392
elpaso committed Nov 3, 2017
1 parent 9c5ace0 commit 73fec4a
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions src/auth/basic/qgsauthbasicmethod.cpp
Expand Up @@ -23,6 +23,7 @@

#include <QNetworkProxy>
#include <QMutexLocker>
#include <QUuid>

static const QString AUTH_METHOD_KEY = QStringLiteral( "Basic" );
static const QString AUTH_METHOD_DESCRIPTION = QStringLiteral( "Basic authentication" );
Expand Down Expand Up @@ -123,6 +124,28 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
connectionItems.append( passparam );
}

// add extra CAs
QList<QSslCertificate> cas;
cas = QgsApplication::authManager()->trustedCaCerts();
// save CAs to temp file
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );

luipir Nov 3, 2017

Contributor

Would it be possible to maintain a uniform tempFileBase? In all other auth methods it is tmppki_{uuid}.pem
e.g. https://github.com/qgis/QGIS/blob/master/src/auth/pkipkcs12/qgsauthpkcs12method.cpp#L138

QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthCertUtils::certsToPemText( cas ) );
if ( ! caFilePath.isEmpty() )
{
QString caparam = "sslrootcert='" + caFilePath + "'";
int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
if ( sslcaindx != -1 )
{
connectionItems.replace( sslcaindx, caparam );
}
else
{
connectionItems.append( caparam );
}
}

return true;
}
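
Review bot: When `pemTextToTempFile` returns an empty path, the `if ( ! caFilePath.isEmpty() )` block is skipped and the function still reaches `return true;`, so the connection items go out without `sslrootcert` and nothing reports that the trusted CAs were not applied. Suggest an `else` branch that logs the failure (or returns `false`), and a check that `cas` is non-empty before writing the file. Two smaller points in the same block: `"sslrootcert='" + caFilePath + "'"` places the path inside single quotes without escaping, so a temp path containing `'` or `\` would produce a malformed item; and every call writes a new UUID-named PEM file with no cleanup visible in this hunk, so it is worth confirming where those files are removed and what permissions they are created with, since the file becomes the trust anchor for the connection.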
