Opened 12 years ago
Closed 8 years ago
#3882 closed defect (fixed)
GDAL WMS driver should skip ssl verification and support authentication
Reported by: | atte | Owned by: | nowakpl |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | default | Version: | svn-trunk |
Severity: | normal | Keywords: | |
Cc: | jukka.rahkonen@… |
Description
...because that's what the WCS driver does in trunk (port/cpl_http.cpp).
wms driver (frmts/wms/gdalhttp.cpp) doesn't skip ssl verification, so you can't connect to a server that's using self-signed cert.
Authentication works if you pass the username and password in url (https://<username>:<password>@<host>/...), but it would be better do it like in wcs via <UserPwd> for consistency and to support different auth types <HttpAuth> (#3091).
Change History (8)
comment:1 by , 12 years ago
comment:2 by , 12 years ago
Cc: | added |
---|
comment:4 by , 12 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Possible fix in r21304, add <UnsafeSSL>true</UnsafeSSL> inside <GDAL_WMS>. I don't have any https server with wms so can't really test.
comment:5 by , 12 years ago
Eh sorry. My quick search didn't hit #3510. This ticket is really a duplicate of that.
I tested the Autentication patch from #3510 against r21303 and I can confirm that it fixes my problem.
I tested r21304 also. It works also. I had little trouble at first when I tried to add <UnsafeSSL> as a child of <Service> until I figured that it's a child of <GDAL_WMS> itself. Imho, it would make more sense under <Service>.
My vote goes to the patch in #3510 (and backing out r21304). The solution there seems consistent with wcs.
comment:6 by , 12 years ago
Now that 1.8 is out, http://www.gdal.org/frmt_wms.html needs to be updated for <UnsafeSSL>.
comment:7 by , 9 years ago
The work is done but <UnsafeSSL>true</UnsafeSSL> is still missing from http://www.gdal.org/frmt_wms.html
Plus, it would be nice if at least ssl verification skipping would be added to 1.7 branch also since the change is simple one liner:
curl_easy_setopt(<curl_handle>, CURLOPT_SSL_VERIFYPEER, FALSE);
At the moment, no driver in 1.7 skips ssl verification, afaict.