Merge pull request #5524 from boundlessgeo/basic_cas_backport

[bugfix][auth] Basic method uses trusted CAs when connecting to DB
qgis · Nov 3, 2017 · 92ce3be · 92ce3be
2 parents 08889c7 + 3fab140
commit 92ce3be
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/src/auth/basic/qgsauthbasicmethod.cpp b/src/auth/basic/qgsauthbasicmethod.cpp
@@ -22,6 +22,7 @@
 
 #include <QNetworkProxy>
 #include <QMutexLocker>
+#include <QUuid>
 
 static const QString AUTH_METHOD_KEY = "Basic";
 static const QString AUTH_METHOD_DESCRIPTION = "Basic authentication";
@@ -126,6 +127,26 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
     connectionItems.append( passparam );
   }
 
+  // add extra CAs
+  // save CAs to temp file
+  QString tempFileBase = QLatin1String( "tmp_basic_%1.pem" );
+  QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
+                         tempFileBase.arg( QUuid::createUuid().toString() ),
+                         QgsAuthManager::instance()->getTrustedCaCertsPemText( ) );
+  if ( ! caFilePath.isEmpty() )
+  {
+    QString caparam = "sslrootcert='" + caFilePath + "'";
+    int sslcaindx = connectionItems.indexOf( QRegExp( "^sslrootcert='.*" ) );
+    if ( sslcaindx != -1 )
+    {
+      connectionItems.replace( sslcaindx, caparam );
+    }
+    else
+    {
+      connectionItems.append( caparam );
+    }
+  }
+
   return true;
 }