Merge pull request #30111 from m-kuhn/ssl_certificate_check-3_4
Only check server SSL certificate if requested
m-kuhn committed Jun 7, 2019
2 parents 988e659 + c358c3a commit e517cc4
Showing 1 changed file with 18 additions and 8 deletions.
26 changes: 18 additions & 8 deletions src/auth/basic/qgsauthbasicmethod.cpp
Expand Up @@ -105,18 +105,28 @@ bool QgsAuthBasicMethod::updateDataSourceUriItems( QStringList &connectionItems,
return false;
}

QString sslMode = QStringLiteral( "prefer" );
int sslModeIdx = connectionItems.indexOf( QRegExp( "^sslmode=.*" ) );
if ( sslModeIdx != -1 )
{
sslMode = connectionItems.at( sslModeIdx ).split( '=' ).at( 1 );
}

// SSL Extra CAs
QString caparam;
QList<QSslCertificate> cas;
cas = QgsApplication::authManager()->trustedCaCerts();
// save CAs to temp file
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthCertUtils::certsToPemText( cas ) );
if ( ! caFilePath.isEmpty() )
if ( sslMode.startsWith( QStringLiteral( "verify-" ) ) )
{
caparam = "sslrootcert='" + caFilePath + "'";
cas = QgsApplication::authManager()->trustedCaCerts();
// save CAs to temp file
QString tempFileBase = QStringLiteral( "tmp_basic_%1.pem" );
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
tempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthCertUtils::certsToPemText( cas ) );
if ( ! caFilePath.isEmpty() )
{
caparam = "sslrootcert='" + caFilePath + "'";
}
}

// Branch for OGR
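Review bot: The new `if ( sslMode.startsWith( QStringLiteral( "verify-" ) ) )` guard makes a trust decision that nothing in the hunk explains: in every other mode, including the `prefer` default used when no `sslmode=` item is present, no CA bundle is passed and the server certificate is not checked while basic credentials are sent. I would add a comment above the guard such as `// Export trusted CAs only for verify-ca/verify-full: libpq treats sslmode=require like verify-ca once a root cert is supplied.` followed by `// In all other modes the server identity is NOT verified, so the link is encrypted at best.` The mode is also read verbatim with `.split( '=' ).at( 1 )`, so a quoted or differently cased value would presumably miss the `verify-` prefix and skip the bundle; the item format is not visible here, so either document the expected form or normalise the value before comparing. The body of `updateDataSourceUriItems` starts and ends outside this hunk, so how `caparam` and the temp file are used afterwards cannot be checked from here.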