[gdal-dev] libcurl and the certificates and Windows

Even Rouault even.rouault at spatialys.com
Sat Jun 3 09:22:33 PDT 2017

On samedi 3 juin 2017 17:04:07 CEST Joaquim Luis wrote:
> Hi,
> For quite some time I cannot use the 'vsis' because of certificates issue.
> For example, a GMT test that has a command like this no longer works on
> Windows
> gdalinfo
> /vsicurl/http://larryfire.files.wordpress.com/2009/07/untooned_jessicarabbit
> .jpg
> because
> ERROR 11: HTTP response code: 301 - SSL certificate problem: unable to get
> local issuer certificate
> gdalinfo failed - unable to open
> '/vsicurl/http://larryfire.files.wordpress.com/2009/07/untooned_jessicarabbi
> t.jpg'.
> It used to work but probably with an older libcurl dll.
> The above is with my own build gdal and dependencies (libcurl included)
> but the same happens with the gisinternals binaries.
> I have re(and re)ad this page about the certificates
> https://curl.haxx.se/docs/sslcerts.html
> but regarding Windows and the curl-ca-bundle.crt file what is said about
> it simply does not work. The only thing that works is setting the ENV
> variable
> set CURL_CA_BUNDLE=V:\bin\curl-ca-bundle.crt
> Now, we had this in GMT recently and I used the nuke option
> 	curl_easy_setopt (Curl, CURLOPT_SSL_VERIFYPEER, 0L);	/* Tell libcurl to
> not verify the peer */
> so tried to do the same thing in the GDAL code (the obvious point seamed
> to be VSICurlSetOptions in cpl_vsi_curl.cpp) but still does not work.

Someone reported to me a similar issue with recent OSGeo4W.

Did you try setting GDAL_HTTP_UNSAFESSL=YES? This is taken into account in 
CPLHTTPSetOptions() that is called by VSICurlSetOptions(), and this set 

This solved the issue.


Spatialys - Geospatial professional services
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20170603/a82f4454/attachment.html>

More information about the gdal-dev mailing list