Description: When using an SSL client certificate to connect to a Google Cloud SQL PostgreSQL (PostGIS) instance, QGIS ignores the provided username and uses the certificate’s Common Name (CN) instead. This behavior causes authentication failures when the certificate CN does not match the intended database username.
Possible Workaround: Currently, a workaround is to generate a new client certificate with a CN matching the intended username (postgres), or to create a corresponding user in PostgreSQL that matches the certificate’s CN.
Screenshots of connection and error
Request: Please investigate if QGIS can provide an option to decouple the certificate’s CN from the username or allow overriding the username specified in the connection settings.
Steps to reproduce the issue
Steps to Reproduce:
Prepare Environment:
- Deploy a Cloud SQL PostgreSQL instance with PostGIS enabled on GCP.
- Create a database user (e.g., postgres).

Generate Certificate:
- In the GCP Cloud SQL console, generate a client certificate.
- Note: In our case, the certificate is generated with the CN cecl3.

Set Up QGIS Connection:

Observed Behavior:
- QGIS uses the CN (cecl3) from the certificate as the username during the SSL handshake.
- PostgreSQL attempts to authenticate the connection as cecl3, which fails if that user does not exist or lacks appropriate permissions.

Expected Behavior:
- QGIS should use the provided username (postgres) for the connection, irrespective of the certificate’s CN, or at least provide a way to override the certificate CN.
Versions
| Component | Version |
| --- | --- |
| QGIS version | 3.34.15-Prizren |
| QGIS code revision | [386f258](https://github.com/qgis/QGIS/commit/386f2583) |
| Qt version | 5.15.13 |
| Python version | 3.12.8 |
| GDAL/OGR version | 3.10.1 |
| PROJ version | 9.5.1 |
| EPSG Registry database version | v11.022 (2024-11-05) |
| GEOS version | 3.13.0-CAPI-1.19.0 |
| SQLite version | 3.46.1 |
| PDAL version | 2.8.3 |
| PostgreSQL client version | unknown |
| SpatiaLite version | 5.1.0 |
| QWT version | 6.3.0 |
| QScintilla2 version | 2.14.1 |
| OS version | Windows 11 Version 2009 |
Active Python plugins

| Plugin | Version |
| --- | --- |
| db_manager | 0.1.20 |
| grassprovider | 2.12.99 |
| MetaSearch | 0.3.6 |
| processing | 2.12.99 |
Supported QGIS version
New profile
Additional context
No response
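
For reference, an added example (not part of the original report, and not QGIS or PostgreSQL code): a simplified Python model of how stock PostgreSQL's `cert` authentication method relates a client certificate's CN to the requested role, with and without a `pg_ident.conf` user name map. The map name `cloudsql`, the `example.org` pattern and the function names are assumptions for illustration, and Python's regex engine stands in for PostgreSQL's.

```python
import re

# Constructed pg_ident.conf content: MAPNAME  SYSTEM-USERNAME  PG-USERNAME
PG_IDENT = r"""
# let the certificate CN from the report log in as the intended role
cloudsql   cecl3                    postgres
# regex entry: CN "alice@example.org" may log in as role "alice"
cloudsql   /^(.*)@example\.org$     \1
"""

def parse_ident(text):
    """Return (map_name, system_user, pg_user) tuples, skipping comments."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3:
            rows.append(tuple(fields))
    return rows

def cert_auth_allows(cn, requested_role, ident_rows=(), map_name=None):
    """May a client whose verified certificate has this CN log in as
    requested_role? Simplified: no quoting, no 'all', no group syntax."""
    if map_name is None:
        # No map= option on the pg_hba.conf line: CN must equal the role.
        return cn == requested_role
    # With map=..., only entries of that map count (no implicit identity).
    for name, system_user, pg_user in ident_rows:
        if name != map_name:
            continue
        if system_user.startswith("/"):
            match = re.search(system_user[1:], cn)
            if not match:
                continue
            if match.groups():
                pg_user = pg_user.replace(r"\1", match.group(1))
        elif system_user != cn:
            continue
        if pg_user == requested_role:
            return True
    return False

if __name__ == "__main__":
    rows = parse_ident(PG_IDENT)
    print("no map, cecl3 -> postgres:", cert_auth_allows("cecl3", "postgres"))
    print("no map, cecl3 -> cecl3   :", cert_auth_allows("cecl3", "cecl3"))
    print("map,    cecl3 -> postgres:",
          cert_auth_allows("cecl3", "postgres", rows, "cloudsql"))
```

The first case is the failure described in the report, the second is the matching-CN workaround, and the third shows a server-side map decoupling the CN from the role; a managed service may not let you edit `pg_ident.conf`.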