[gdal-dev] GDAL client certificates: CURLOPT_SSLCERT/curl_easy_setopt missing?

Even Rouault even.rouault at spatialys.com
Sat Apr 29 06:21:27 PDT 2023


Stephan,

this should be addressed per https://github.com/OSGeo/gdal/pull/7657. 
I'd appreciate it if you could do some runtime testing of this pull 
request, as it was only compile tested on my side.

There's no option to honor .curlrc, and it doesn't look trivial to add 
support for that given this is something specific to the "curl" binary 
itself, not the libcurl library (cf 
https://stackoverflow.com/questions/3698605/can-libcurl-be-configured-to-use-my-curlrc-when-used-from-php). 


You may get similar functionality by setting the GDAL configuration 
options in the GDAL configuration file: 
https://gdal.org/user/configoptions.html#gdal-configuration-file

Even

On 27/04/2023 at 08:36, Stephan Imfeld wrote:
> Hi
>
> We are trying to serve some COG-Tiffs using an https server. Some of them require authentication. Accessing the data without or with basic authentication through gdal/qgis using /vsicurl/... works fine, but we have not found a way to use client certificates.
>
> Using curl (7.81.0) directly (with
> CURLOPT_SSLCERT/CURLOPT_SSLKEY/CURLOPT_KEYPASSWD/CURLOPT_SSLCERTTYPE)
> works fine with client certificates enabled, even when using the options in a .curlrc file.
>
> But it seems that libcurl does not honor .curlrc, and consequently we have not been able to get gdal working with the client certificate.
>
> Maybe I overlooked something during the past few days, but I have not been able to get it working through gdal. Is there a way of passing CURLOPT_SSLCERT/CURLOPT_SSLKEY/CURLOPT_KEYPASSWD/CURLOPT_SSLCERTTYPE (or using curl_easy_setopt in a more general way) from gdal to libcurl? Any other ways to do it?
>
> Regards,
> Stephan

-- 
http://www.spatialys.com
My software is free, but my time generally not.
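
Added example (not part of the original message and not GDAL's own code): a Python helper that reads the client-certificate options from a curl config file such as .curlrc, which libcurl ignores, and emits the equivalent [configoptions] section for the GDAL configuration file. Assumptions: the GDAL_HTTP_* names are the configuration options documented for GDAL >= 3.7 and are not named in this thread; the function names and the sample file are constructed for illustration.

```python
import os
import re
import shlex

# curl config-file option -> GDAL configuration option.
# Assumption: names as documented for GDAL >= 3.7 (not named in the thread).
CURL_TO_GDAL = {
    "cert": "GDAL_HTTP_SSLCERT",
    "cert-type": "GDAL_HTTP_SSLCERTTYPE",
    "key": "GDAL_HTTP_SSLKEY",
    "pass": "GDAL_HTTP_KEYPASSWD",
}
# curl accepts "name value", "name = value", "name: value", with optional "--".
LINE = re.compile(r"^-{0,2}([A-Za-z0-9-]+)\s*[=:]?\s*(.*)$")

# Constructed sample .curlrc, not taken from the thread.
SAMPLE_CURLRC = """\
# client certificate for the tile server
--cert /etc/ssl/private/client.pem
cert-type = PEM
key: "/etc/ssl/private/client.key"
pass = "example-passphrase"
user-agent = "demo"
"""

def parse_curlrc(text):
    """Return the client-certificate settings found in text as GDAL options."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE.match(line)
        if not match or match.group(1) not in CURL_TO_GDAL:
            continue  # unrelated curl option, e.g. user-agent
        tokens = shlex.split(match.group(2))  # strips the double quotes
        if tokens:  # the "cert:password" shorthand is not split here
            options[CURL_TO_GDAL[match.group(1)]] = tokens[0]
    return options

def to_gdalrc(options):
    """Render the options as the [configoptions] section of a GDAL config file."""
    return "\n".join(["[configoptions]"] + [f"{k}={v}" for k, v in sorted(options.items())]) + "\n"

def write_private(path, text):
    """Write text readable by the owner only: the key passphrase is plaintext."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, 0o600)  # also tighten a file that already existed

if __name__ == "__main__":
    print(to_gdalrc(parse_curlrc(SAMPLE_CURLRC)), end="")
```
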


