[mapserver-dev] cURL and https
Julien-Samuel Lacroix
jlacroix at mapgears.com
Mon Apr 21 15:36:37 EDT 2008
Hi,
When trying to connect to a https server, libcurl performs a SSL
certificate verification by default:
http://curl.netmirror.org/docs/sslcerts.html
This is done by providing cURL with a CA cert bundle file. There's a
default location for this file that is defined during the ./configure.
If the file is not present the connection is aborted and a cURL error is
printed in the error_log.
The main problem is that with installer like FGS, the file is not
installed where it should be. This will also become a bigger problem in
the near future because cURL (from 7.18 I think) is not including an
up-to-date CA cert bundle with the library anymore. It will have to be
installed by hand.
It's possible to define where to look for the CA cert bundle or to not
look for the certificate at all in the C code. However we can't just
hardcode a location. The libcurl command-line interface support an
environment variable called CURL_CA_BUNDLE, but this is not available in
the C API. Searching for a solution I found out that other projects are
simply implementing the support for this environment variable in their code.
What other think of implementing this in MapServer? When the environment
variable is set, use that for the certificate location.
Any suggestion/comment/thought?
Julien
--
Julien-Samuel Lacroix
Mapgears
http://www.mapgears.com/
More information about the mapserver-dev
mailing list