[gdal-dev] libcurl and the certificates and Windows

[Even Rouault]

On samedi 3 juin 2017 17:04:07 CEST Joaquim Luis wrote:
> Hi,
> 
> For quite some time I cannot use the 'vsis' because of certificates issue.
> For example, a GMT test that has a command like this no longer works on
> Windows
> 
> gdalinfo
> /vsicurl/http://larryfire.files.wordpress.com/2009/07/untooned_jessicarabbit
> .jpg
> 
> because
> 
> ERROR 11: HTTP response code: 301 - SSL certificate problem: unable to get
> local issuer certificate
> gdalinfo failed - unable to open
> '/vsicurl/http://larryfire.files.wordpress.com/2009/07/untooned_jessicarabbi
> t.jpg'.
> 
> It used to work but probably with an older libcurl dll.
> The above is with my own build gdal and dependencies (libcurl included)
> but the same happens with the gisinternals binaries.
> 
> I have re(and re)ad this page about the certificates
> 
> https://curl.haxx.se/docs/sslcerts.html
> 
> but regarding Windows and the curl-ca-bundle.crt file what is said about
> it simply does not work. The only thing that works is setting the ENV
> variable
> 
> set CURL_CA_BUNDLE=V:\bin\curl-ca-bundle.crt
> 
> Now, we had this in GMT recently and I used the nuke option
> 
> 	curl_easy_setopt (Curl, CURLOPT_SSL_VERIFYPEER, 0L);	/* Tell libcurl to
> not verify the peer */
> 
> so tried to do the same thing in the GDAL code (the obvious point seamed
> to be VSICurlSetOptions in cpl_vsi_curl.cpp) but still does not work.

Someone reported to me a similar issue with recent OSGeo4W.

Did you try setting GDAL_HTTP_UNSAFESSL=YES? This is taken into account in 
CPLHTTPSetOptions() that is called by VSICurlSetOptions(), and this set 
CURLOPT_SSL_VERIFYPEER=0 and 	CURLOPT_SSL_VERIFYHOST=0.

This solved the issue.

Even

-- 
Spatialys - Geospatial professional services
http://www.spatialys.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20170603/a82f4454/attachment.html>