[Qgis-user] Problem installing QGIS on Ubuntu 20.04 - key authentification

Richard Duivenvoorde rdmailings at duif.net
Tue Aug 11 07:34:50 PDT 2020 

(not this is NOT related to earlier certificate issue around installing!!)

FYI, I get the same message (running master AND 3.14 on Debian Testing):

../src/core/qgsowsconnection.cpp:85 : (QgsOwsConnection) [0ms] encoded uri: 'dpiMode=7&url=https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi'.
../src/providers/wms/qgswmscapabilities.cpp:40 : (parseUri) [0ms] uriString = dpiMode=7&url=https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi
../src/providers/wms/qgswmscapabilities.cpp:126 : (parseUri) [0ms] mBaseUrl = https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi?
../src/providers/wms/qgswmscapabilities.cpp:139 : (parseUri) [0ms] Entering: layers:, styles:
../src/providers/wms/qgswmscapabilities.cpp:142 : (parseUri) [0ms] Setting image encoding to .
../src/providers/wms/qgswmscapabilities.cpp:193 : (parseUri) [0ms] Contextual legend: 0
../src/providers/wms/qgswmscapabilities.cpp:2348 : (downloadCapabilities) [25ms] entering: forceRefresh=1
../src/providers/wms/qgswmscapabilities.cpp:2357 : (downloadCapabilities) [0ms] url = https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi?SERVICE=WMS&REQUEST=GetCapabilities
../src/core/qgsnetworkaccessmanager.cpp:231 : (createRequest) [0ms] Adding trusted CA certs to request
../src/core/qgsnetworkaccessmanager.cpp:112 : (queryProxy) [1ms] using fallback proxy for https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi?SERVICE=WMS&REQUEST=GetCapabilities
../src/core/qgsnetworkaccessmanager.cpp:288 : (createRequest) [0ms] Created [reply:55c59ecc2d10]
../src/providers/wms/qgswmscapabilities.cpp:2404 : (capabilitiesReplyProgress) [216ms] 0 of 0 bytes of capabilities downloaded.
../src/core/qgsmessagelog.cpp:29 : (logMessage) [0ms] 2020-08-11T16:27:44 WMS[1] Download of capabilities failed: SSL handshake failed

You can make an issue for this, because it is strange that some versions of Qt accept this certificate, and others do not.

Note that if I try to retrieve the capabilities using curl, I also get an error:

$ curl -v https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi?SERVICE=WMS&REQUEST=GetCapabilities
[1] 443262
[richard at oost ~]$ *   Trying 2001:4d0:241a:442::5:443...
* TCP_NODELAY set
* Connected to gibs.earthdata.nasa.gov (2001:4d0:241a:442::5) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
* error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
* Closing connection 0
curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type

So my guess is that there is an certificate error on the WMS-site?

Some version info for those who maybe can figure out this:

$ curl --version
curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.8.0 nghttp2/1.41.0 librtmp/2.3
Release-Date: 2020-01-08
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets


QGIS version
3.15.0-Master
QGIS code revision
68e8e233f5
Compiled against Qt
5.14.2
Running against Qt
5.14.2
Compiled against GDAL/OGR
3.1.2
Running against GDAL/OGR
3.1.2
Compiled against GEOS
3.8.1-CAPI-1.13.3
Running against GEOS
3.8.1-CAPI-1.13.3
Compiled against SQLite
3.32.3
Running against SQLite
3.32.3
PostgreSQL Client Version
12.3 (Debian 12.3-1+b1)
SpatiaLite Version
4.3.0a
QWT Version
6.1.4
QScintilla2 Version
2.11.2
Compiled against PROJ
7.1.0
Running against PROJ
Rel. 7.1.0, August 1st, 2020


Regards,

Richard Duivenvoorde



On 8/11/20 4:21 PM, Andrea Giudiceandrea wrote:
> evaroben wrote
>> gpg: key F7E06F06199EF2F2: 1 Beglaubigung wegen fehlendem Schlüssel nicht
>> geprüft 
>> gpg: Schlüssel F7E06F06199EF2F2: "QGIS Archive Automatic Signing Key 
>> (2020) <
> 
>> qgis-developer at .osgeo
> 
>> >" nicht geändert gpg: Anzahl 
>> insgesamt bearbeiteter Schlüssel: 1 gpg:              unverändert: 1"
> 
> Dear Eva,
> "1 Beglaubigung wegen fehlendem Schlüssel nicht geprüft " (="1 signature not
> checked due to a missing key") just means the imported gpg key with id
> F7E06F06199EF2F2 has 1 signature non verifiable. This is not a problem and
> you can ignore it and it does not prevent to correctly import the key into
> the apt keyring. Moreover, the key F7E06F06199EF2F2 is already in your apt
> keyring ("Schlüssel ... nicht geändert", "unverändert: 1"). You can check
> this running "sudo apt-key list F7E06F06199EF2F2".
> 
> Anyway AFAIK this gpg key is only needed for the QGIS installation and
> update process and is not related with your SSL protocol connection error.
> 
> Which QGIS version are you using? I suppose 3.14.1, isn't it?
> 
> I can connect to the WMS sever at
> https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi using:
> QGIS 3.14.0 on Windows 10
> QGIS 3.14.1 on Ubuntu 18.04
> QGIS 3.12.3 (Flatpak) on Ubuntu 20.04
> 
> but I cannot connect to the WMS sever using QGIS 3.14.0 on Ubuntu 20.04 as
> you reported:
> 
> WMS PROVIDER
> Failed to download capabilities:
> Download of capabilities failed: SSL handshake failed
> 
> 
> Instead i can connect to other WMS servers using https (e.g.
> https://wms.cartografia.agenziaentrate.gov.it/inspire/wms/ows01.php) with
> QGIS 3.14.0 on Ubuntu 20.04.
> 
> Could you please check if you can connect to other WMS servers using https
> (e.g. https://wms.cartografia.agenziaentrate.gov.it/inspire/wms/ows01.php)?
> 
> It's probably worth reporting the bug on the qgis-developer ml or on GitHub
> if other user can check if they can or cannot use that WMS server at
> https://gibs.earthdata.nasa.gov/wms/epsg4326/best/wms.cgi.
> 
> Regards.
> 
> Andrea Giudiceandrea
> 
> 
> 
> --
> Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-User-f4125267.html
> _______________________________________________
> Qgis-user mailing list
> Qgis-user at lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
>

More information about the Qgis-user mailing list