For reference
https://github.com/curl/curl/issues/1538
On Sat, 03 Jun 2017 17:22:33 +0100, Even Rouault
<even.roua...@spatialys.com> wrote:
On samedi 3 juin 2017 17:04:07 CEST Joaquim Luis wrote:
Hi,
For quite some time I cannot use the 'vsis' because of certificates
issue.
For example, a GMT test that has a command like this no longer works on
Windows
gdalinfo
/vsicurl/http://larryfire.files.wordpress.com/2009/07/untooned_jessicarabbit
.jpg
because
ERROR 11: HTTP response code: 301 - SSL certificate problem: unable to
get
local issuer certificate
gdalinfo failed - unable to open
'/vsicurl/http://larryfire.files.wordpress.com/2009/07/untooned_jessicarabbi
t.jpg'.
It used to work but probably with an older libcurl dll.
The above is with my own build gdal and dependencies (libcurl included)
but the same happens with the gisinternals binaries.
I have re(and re)ad this page about the certificates
https://curl.haxx.se/docs/sslcerts.html
but regarding Windows and the curl-ca-bundle.crt file what is said
about
it simply does not work. The only thing that works is setting the ENV
variable
set CURL_CA_BUNDLE=V:\bin\curl-ca-bundle.crt
Now, we had this in GMT recently and I used the nuke option
curl_easy_setopt (Curl, CURLOPT_SSL_VERIFYPEER, 0L); /* Tell libcurl to
not verify the peer */
so tried to do the same thing in the GDAL code (the obvious point
seamed
to be VSICurlSetOptions in cpl_vsi_curl.cpp) but still does not work.
Someone reported to me a similar issue with recent OSGeo4W.
Did you try setting GDAL_HTTP_UNSAFESSL=YES? This is taken into account
in CPLHTTPSetOptions() that is called by VSICurlSetOptions(), >>and
this set CURLOPT_SSL_VERIFYPEER=0 and CURLOPT_SSL_VERIFYHOST=0.
This solved the issue.
Thanks, yes that works too (and, no I hadn't tried it before) although
it's a different solution than setting CURL_CA_BUNDLE , which does not
turn >out the certificates verification.
_______________________________________________
gdal-dev mailing list
gdal-dev@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/gdal-dev