Hi Folks,
I want to access MapServer SLD resource via secure connection. I've set up SSL on IIS for my web site successfully using a self-signed certificate. Then I added self-signed certificate into a curl-ca-bundle.crt certificate file and set CURL_CA_BUNDLE system level environment variable pointing to curl-ca-bundle.crt file. Aforementioned steps are covered in the following resources: § How to set up MapServer as a client to access a service over https<http://mapserver.org/ogc/wxs_secure.html> § MapServer with OpenSSL support<http://blog.gisinternals.com/2010/12/daily-built-binary-packages-for.html> Unfortunately this configuration does not work and curl throws invalid certificate exception when accessing the following URL: https://domain/cgi-bin/mapserv.exe?map=name1.map&LAYERS=SPECIFICLAYER&TRANSPARENT=TRUE&SLD=https%3A%2F%2Fdomain%2Fcgi-bin%2F%2Fsld.xml&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap <?xml version='1.0' encoding="ISO-8859-1" standalone="no" ?> <!DOCTYPE ServiceExceptionReport SYSTEM "http://schemas.opengis.net/wms/1.1.1/exception_1_1_1.dtd";> <ServiceExceptionReport version="1.1.1"> <ServiceException> msSLDApplySLDURL: WMS server error. Could not open SLD https://domain/cgi-bin//sld.xml and save it in temporary file C:\Windows\TEMP\52f0d577_1380_0.sld.xml. Please make sure that the sld url is valid and that the temporary path is set. The temporary path can be defined for example by setting TMPPATH in the map file. Please check the MapServer documentation on temporary path settings. msHTTPExecuteRequests(): HTTP request error. HTTP: request failed with curl error code 60 (SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed) for https://domain/cgi-bin//sld.xml </ServiceException> </ServiceExceptionReport> If curl is used separately it doesn't throw the certificate exception when used with the same curl-ca-bundle.crt file. This suggests that MapServer does not take into account CURL_CA_BUNDLE environment path and does not pass it to libcurl. But according to MapServer code<https://github.com/mapserver/mapserver/blob/7f3e75cbc277b19774dc7030b76b92985f9690c6/maphttp.c> it should check for CURL_CA_BUNDLE environment variable and if set use it for cURL. However this doesn't seem to be the case. I even restarted my server for IIS process to pick up new environment variables: http://geographika.co.uk/reboot-to-refresh-environment-variables Am I missing something? Thanks, Robertas
_______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users
