GDAL WMS driver should skip ssl verification and support authentication

[atte]

...because that's what the WCS driver does in trunk (port/cpl_http.cpp).

wms driver (frmts/wms/gdalhttp.cpp) doesn't skip ssl verification, so you can't connect to a server that's using self-signed cert.

Authentication works if you pass the username and password in url (​https://<username>:<password>@<host>/...), but it would be better do it like in wcs via <UserPwd> for consistency and to support different auth types <HttpAuth> (#3091).

[atte]

Plus, it would be nice if at least ssl verification skipping would be added to 1.7 branch also since the change is simple one liner:

curl_easy_setopt(<curl_handle>, CURLOPT_SSL_VERIFYPEER, FALSE);

At the moment, no driver in 1.7 skips ssl verification, afaict.

[Even Rouault]

Could you confirm that what you need is the patch attached to #3510 ?

[nowakpl]

Possible fix in r21304, add <UnsafeSSL>true</UnsafeSSL> inside <GDAL_WMS>. I don't have any https server with wms so can't really test.

[atte]

Eh sorry. My quick search didn't hit #3510. This ticket is really a duplicate of that.

I tested the Autentication patch from #3510 against r21303 and I can confirm that it fixes my problem.

I tested r21304 also. It works also. I had little trouble at first when I tried to add <UnsafeSSL> as a child of <Service> until I figured that it's a child of <GDAL_WMS> itself. Imho, it would make more sense under <Service>.

My vote goes to the patch in #3510 (and backing out r21304). The solution there seems consistent with wcs.

[atte]

Now that 1.8 is out, ​http://www.gdal.org/frmt_wms.html needs to be updated for <UnsafeSSL>.

[Jukka Rahkonen]

The work is done but <UnsafeSSL>true</UnsafeSSL> is still missing from ​http://www.gdal.org/frmt_wms.html

[Jukka Rahkonen]

Documented in r28145.