[mapserver-users] SSL curl error when hitting HTTP WMS

Tue Jun 9 07:54:56 PDT 2020

Should a bug/enhancement request be opened against this?
Maybe there should be an option like:

PROCESSING "UNSAFESSL=YES"

So mapserver can handle this directly from the mapfile?

-Steve W

On 6/9/2020 6:55 AM, Rahkonen Jukka (MML) wrote:
> Hi,
>
> The service indeed seems to redirect into https address.
>
> GDAL has an "unsafeSSL" option but I believe that Mapserver does not http://osgeo-org.1560.x6.nabble.com/https-url-with-MapServer-as-WMS-client-td5332403.html.
>
> Perhaps you could bypass the certificate check by setting a general curl insecure option as in https://www.cyberciti.biz/faq/how-to-curl-ignore-ssl-certificate-warnings-command-option/. However, it feels rather risky to do it at that level.
>
> -Jukka Rahkonen-
>
> -----Alkuperäinen viesti-----
> Lähettäjä: mapserver-users <mapserver-users-bounces at lists.osgeo.org> Puolesta Jeff McKenna
> Lähetetty: tiistai 9. kesäkuuta 2020 13.10
> Vastaanottaja: mapserver-users at lists.osgeo.org
> Aihe: Re: [mapserver-users] SSL curl error when hitting HTTP WMS
>
> The WMS service that you mention redirects all requests to HTTPS:
> https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer?
>
> -jeff
>
>
>
> --
> Jeff McKenna
> MapServer Consulting and Training Services co-founder of FOSS4G http://gatewaygeo.com/
>
>
>
> On 2020-06-09 2:46 a.m., John Huotari wrote:
>> I’m attempting to hit a WMS using HTTP, not HTTPS, but I run into the
>> following SSL error
>>
>> HTTP: request failed with curl error code 60 (SSL certificate problem:
>> unable to get local issuer certificate)
>>
>> I can get around this error by downloading a CA bundle file and setting
>> the CURL_CA_BUNDLE environment variable to point to it, but why is a CA
>> bundle file necessary when not even using SSL (hitting a WMS using HTTP,
>> not HTTPS)?  Does anyone know a workaround that wouldn’t require
>> deploying a CA bundle file to my servers and setting an environment
>> variable to point to it?
>>
>> I’m currently using the stable release of MSVC 2017 x64 package
>> downloaded from GISInternals - http://www.gisinternals.com/release.php
>>
>> A sample mapfile looks like this
>>
>> MAP
>>
>>     NAME USA1
>>
>>     STATUS ON
>>
>>     IMAGETYPE PNG8
>>
>>     RESOLUTION 72
>>
>>     IMAGECOLOR 255 255 255
>>
>>     UNITS METERS
>>
>>     PROJECTION "proj=lcc" "lat_1=20" "lat_2=60" "lat_0=40"
>> "lon_0=-112.52116185" "x_0=0" "y_0=0" "ellps=GRS80" "units=m"
>> "datum=NAD83" END
>>
>>     SIZE 1500 1500
>>
>>     EXTENT -45292.7219576058 780481.616003812 45290.5126012127
>> 871065.05991903
>>
>>     LAYER
>>
>>      NAME "WMS_DRG"
>>
>>       TYPE RASTER
>>
>>       STATUS ON
>>
>>       PROJECTION "proj=longlat" "ellps=GRS80" "datum=NAD83" "no_defs" END
>>
>>       CONNECTION
>> "http://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer?"
>>
>>       CONNECTIONTYPE WMS
>>
>>       METADATA
>>
>>         "wms_srs"  "EPSG:4326"
>>
>>         "wms_name"  "0"
>>
>>         "wms_server_version"  "1.1.1"
>>
>>         "wms_format"  "image/png"
>>
>>       END
>>
>>     END
>>
>> END
>>
>
>
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-users