[Qgis-developer] SSL error on QGIS startup
larrys at dakotacarto.com
Sat Oct 3 10:47:46 PDT 2015
On Fri, Oct 2, 2015 at 12:07 AM, Andreas Neumann <a.neumann at carto.net>
> Since the integration of the new authentication system from Larry I am now
> getting an SSL error on Startup. See
> I have no idea what it means and what I can do in order to get rid of this
> error message.
This is not related to the new authentication system, though I thought that
was the case for a while and spent a bunch of effort trying to fix it. See
issue http://hub.qgis.org/issues/13471 for a script showing it is an issue
with some certificate chain validations and Qt4.
I think the issue started when QgsNetworkAccessManager was added for proxy
support to the Welcome page. Before that the Welcome page's access manager
did not have its sslErrors() signal connected to the QGIS app SSL error
dialog slot. (On Mac, the page didn't even load until the manager was
added.) There were a couple of days it was connected, then the new auth
system was merged and the dialog significantly changed, i.e. it looked like
the auth system merge caused the issue.
In the future, there are workarounds for the https://*google.com cert chain
in network access:
* Save an SSL configuration with 'Do not verify peer certs' set for 'Peer
validation' section (works on all platforms)
* Copy API script to source tree or remote server where calling page resides
* Use http:// instead of https:// to access the Google API script, though
this not a good approach security-wise
Untested whether this is possibly fixed with Qt5.
Black Hills, South Dakota
> Does it mean that the connection to https://www.google.com/jsapi is not
> secure? Is QGIS now contacting a Google server at each startup?
> Thank you for any hint about this error message.
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Qgis-developer