Opened 13 years ago

Closed 9 years ago

#3882 closed defect (fixed)

GDAL WMS driver should skip ssl verification and support authentication

Reported by: atte Owned by: nowakpl
Priority: normal Milestone:
Component: default Version: svn-trunk
Severity: normal Keywords:
Cc: jukka.rahkonen@…


...because that's what the WCS driver does in trunk (port/cpl_http.cpp).

wms driver (frmts/wms/gdalhttp.cpp) doesn't skip ssl verification, so you can't connect to a server that's using self-signed cert.

Authentication works if you pass the username and password in url (https://<username>:<password>@<host>/...), but it would be better do it like in wcs via <UserPwd> for consistency and to support different auth types <HttpAuth> (#3091).

Change History (8)

comment:1 by atte, 13 years ago

Plus, it would be nice if at least ssl verification skipping would be added to 1.7 branch also since the change is simple one liner:

curl_easy_setopt(<curl_handle>, CURLOPT_SSL_VERIFYPEER, FALSE);

At the moment, no driver in 1.7 skips ssl verification, afaict.

comment:2 by Jukka Rahkonen, 13 years ago

Cc: jukka.rahkonen@… added

comment:3 by Even Rouault, 13 years ago

Could you confirm that what you need is the patch attached to #3510 ?

comment:4 by nowakpl, 13 years ago

Owner: changed from warmerdam to nowakpl
Status: newassigned

Possible fix in r21304, add <UnsafeSSL>true</UnsafeSSL> inside <GDAL_WMS>. I don't have any https server with wms so can't really test.

comment:5 by atte, 13 years ago

Eh sorry. My quick search didn't hit #3510. This ticket is really a duplicate of that.

I tested the Autentication patch from #3510 against r21303 and I can confirm that it fixes my problem.

I tested r21304 also. It works also. I had little trouble at first when I tried to add <UnsafeSSL> as a child of <Service> until I figured that it's a child of <GDAL_WMS> itself. Imho, it would make more sense under <Service>.

My vote goes to the patch in #3510 (and backing out r21304). The solution there seems consistent with wcs.

comment:6 by atte, 13 years ago

Now that 1.8 is out, needs to be updated for <UnsafeSSL>.

comment:7 by Jukka Rahkonen, 10 years ago

The work is done but <UnsafeSSL>true</UnsafeSSL> is still missing from

comment:8 by Jukka Rahkonen, 9 years ago

Resolution: fixed
Status: assignedclosed

Documented in r28145.

Note: See TracTickets for help on using tickets.