[gdal-dev] GDAL, Proj and cacert

Even Rouault even.rouault at spatialys.com
Sat Feb 12 10:34:19 PST 2022


Hi,
>
> - What would be nice would be an explicit way of setting the default 
> for PROJ. Since version 7 - PROJ has an ini file but it does not seem 
> to include the cacert file. I can see why that might be seen as being 
> a potential security hole - although I would point out that the ini 
> file DOES allow specification of the CDN URL. From a security point of 
> view - those two facts together kind of say "you can do a man in the 
> middle attack if and only if your attack is inherently insecure" ... :)

(Most of the time things are the way they are because nobody had the 
need to implement the missing feature or took time to do it. People able 
to control environment variables or the content of a local file are 
equivalent "threats")

https://github.com/OSGeo/PROJ/pull/3049 should help hopefully

Even

-- 
http://www.spatialys.com
My software is free, but my time generally not.


