Re: [mapserver-users] SSL curl error when hitting HTTP WMS
Thanks for the explanation about the redirect; that makes perfect sense now. It would be great if there were an "unsafeSSL" option like Jukka mentioned GDAL has; figured I should at least ask whether something like that existed. At least I now have confidence that I'm not missing some more convenient solution and that configuring the CA bundle correctly is the best course of action at the moment. That's some great info you put together in the HTTPS document Jeff! *** PLEASE NOTE *** This message, along with any attachments, is for the designated recipient(s) only and may contain privileged, proprietary, or otherwise confidential information. If this message has reached you in error, kindly destroy it without review and notify the sender immediately. Any other use of such misdirected e-mail by you is prohibited. Where allowed by local law, electronic communications with Zurich and its affiliates, including e-mail and instant messaging (including content), may be scanned for the purposes of information security and assessment of internal compliance with company policy. ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] SSL curl error when hitting HTTP WMS
Awesome Jeff: thanks much for this very useful and timely documentation. ..Tom > -Original Message- > From: mapserver-users On > Behalf Of Jeff McKenna > Sent: June 9, 2020 11:26 > To: mapserver-users@lists.osgeo.org > Subject: Re: [mapserver-users] SSL curl error when hitting HTTP WMS > > update: I've given some much needed love to the HTTPS document and > referenced it throughout the docs now: > https://mapserver.org/ogc/wxs_secure.html > > -jeff > > > > On 2020-06-09 7:10 a.m., Jeff McKenna wrote: > > The WMS service that you mention redirects all requests to HTTPS: > > > https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/W > msServer? > > > > > > -jeff > > > > > > > > > -- > Jeff McKenna > MapServer Consulting and Training Services > co-founder of FOSS4G > http://gatewaygeo.com/ > ___ > mapserver-users mailing list > mapserver-users@lists.osgeo.org > https://lists.osgeo.org/mailman/listinfo/mapserver-users ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] SSL curl error when hitting HTTP WMS
update: I've given some much needed love to the HTTPS document and referenced it throughout the docs now: https://mapserver.org/ogc/wxs_secure.html -jeff On 2020-06-09 7:10 a.m., Jeff McKenna wrote: The WMS service that you mention redirects all requests to HTTPS: https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer? -jeff -- Jeff McKenna MapServer Consulting and Training Services co-founder of FOSS4G http://gatewaygeo.com/ ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] SSL curl error when hitting HTTP WMS
Should a bug/enhancement request be opened against this? Maybe there should be an option like: PROCESSING "UNSAFESSL=YES" So mapserver can handle this directly from the mapfile? -Steve W On 6/9/2020 6:55 AM, Rahkonen Jukka (MML) wrote: Hi, The service indeed seems to redirect into https address. GDAL has an "unsafeSSL" option but I believe that Mapserver does not http://osgeo-org.1560.x6.nabble.com/https-url-with-MapServer-as-WMS-client-td5332403.html. Perhaps you could bypass the certificate check by setting a general curl insecure option as in https://www.cyberciti.biz/faq/how-to-curl-ignore-ssl-certificate-warnings-command-option/. However, it feels rather risky to do it at that level. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: mapserver-users Puolesta Jeff McKenna Lähetetty: tiistai 9. kesäkuuta 2020 13.10 Vastaanottaja: mapserver-users@lists.osgeo.org Aihe: Re: [mapserver-users] SSL curl error when hitting HTTP WMS The WMS service that you mention redirects all requests to HTTPS: https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer? -jeff -- Jeff McKenna MapServer Consulting and Training Services co-founder of FOSS4G http://gatewaygeo.com/ On 2020-06-09 2:46 a.m., John Huotari wrote: I’m attempting to hit a WMS using HTTP, not HTTPS, but I run into the following SSL error HTTP: request failed with curl error code 60 (SSL certificate problem: unable to get local issuer certificate) I can get around this error by downloading a CA bundle file and setting the CURL_CA_BUNDLE environment variable to point to it, but why is a CA bundle file necessary when not even using SSL (hitting a WMS using HTTP, not HTTPS)? Does anyone know a workaround that wouldn’t require deploying a CA bundle file to my servers and setting an environment variable to point to it? I’m currently using the stable release of MSVC 2017 x64 package downloaded from GISInternals - http://www.gisinternals.com/release.php A sample mapfile looks like this MAP NAME USA1 STATUS ON IMAGETYPE PNG8 RESOLUTION 72 IMAGECOLOR 255 255 255 UNITS METERS PROJECTION "proj=lcc" "lat_1=20" "lat_2=60" "lat_0=40" "lon_0=-112.52116185" "x_0=0" "y_0=0" "ellps=GRS80" "units=m" "datum=NAD83" END SIZE 1500 1500 EXTENT -45292.7219576058 780481.616003812 45290.5126012127 871065.05991903 LAYER NAME "WMS_DRG" TYPE RASTER STATUS ON PROJECTION "proj=longlat" "ellps=GRS80" "datum=NAD83" "no_defs" END CONNECTION "http://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer?; CONNECTIONTYPE WMS METADATA "wms_srs" "EPSG:4326" "wms_name" "0" "wms_server_version" "1.1.1" "wms_format" "image/png" END END END ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] SSL curl error when hitting HTTP WMS
Hi, The service indeed seems to redirect into https address. GDAL has an "unsafeSSL" option but I believe that Mapserver does not http://osgeo-org.1560.x6.nabble.com/https-url-with-MapServer-as-WMS-client-td5332403.html. Perhaps you could bypass the certificate check by setting a general curl insecure option as in https://www.cyberciti.biz/faq/how-to-curl-ignore-ssl-certificate-warnings-command-option/. However, it feels rather risky to do it at that level. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: mapserver-users Puolesta Jeff McKenna Lähetetty: tiistai 9. kesäkuuta 2020 13.10 Vastaanottaja: mapserver-users@lists.osgeo.org Aihe: Re: [mapserver-users] SSL curl error when hitting HTTP WMS The WMS service that you mention redirects all requests to HTTPS: https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer? -jeff -- Jeff McKenna MapServer Consulting and Training Services co-founder of FOSS4G http://gatewaygeo.com/ On 2020-06-09 2:46 a.m., John Huotari wrote: > I’m attempting to hit a WMS using HTTP, not HTTPS, but I run into the > following SSL error > > HTTP: request failed with curl error code 60 (SSL certificate problem: > unable to get local issuer certificate) > > I can get around this error by downloading a CA bundle file and setting > the CURL_CA_BUNDLE environment variable to point to it, but why is a CA > bundle file necessary when not even using SSL (hitting a WMS using HTTP, > not HTTPS)? Does anyone know a workaround that wouldn’t require > deploying a CA bundle file to my servers and setting an environment > variable to point to it? > > I’m currently using the stable release of MSVC 2017 x64 package > downloaded from GISInternals - http://www.gisinternals.com/release.php > > A sample mapfile looks like this > > MAP > > NAME USA1 > > STATUS ON > > IMAGETYPE PNG8 > > RESOLUTION 72 > > IMAGECOLOR 255 255 255 > > UNITS METERS > > PROJECTION "proj=lcc" "lat_1=20" "lat_2=60" "lat_0=40" > "lon_0=-112.52116185" "x_0=0" "y_0=0" "ellps=GRS80" "units=m" > "datum=NAD83" END > > SIZE 1500 1500 > > EXTENT -45292.7219576058 780481.616003812 45290.5126012127 > 871065.05991903 > > LAYER > > NAME "WMS_DRG" > > TYPE RASTER > > STATUS ON > > PROJECTION "proj=longlat" "ellps=GRS80" "datum=NAD83" "no_defs" END > > CONNECTION > "http://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer?; > > CONNECTIONTYPE WMS > > METADATA > > "wms_srs" "EPSG:4326" > > "wms_name" "0" > > "wms_server_version" "1.1.1" > > "wms_format" "image/png" > > END > > END > > END > ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
[mapserver-users] SSL curl error when hitting HTTP WMS
I'm attempting to hit a WMS using HTTP, not HTTPS, but I run into the following SSL error HTTP: request failed with curl error code 60 (SSL certificate problem: unable to get local issuer certificate) I can get around this error by downloading a CA bundle file and setting the CURL_CA_BUNDLE environment variable to point to it, but why is a CA bundle file necessary when not even using SSL (hitting a WMS using HTTP, not HTTPS)? Does anyone know a workaround that wouldn't require deploying a CA bundle file to my servers and setting an environment variable to point to it? I'm currently using the stable release of MSVC 2017 x64 package downloaded from GISInternals - http://www.gisinternals.com/release.php A sample mapfile looks like this MAP NAME USA1 STATUS ON IMAGETYPE PNG8 RESOLUTION 72 IMAGECOLOR 255 255 255 UNITS METERS PROJECTION "proj=lcc" "lat_1=20" "lat_2=60" "lat_0=40" "lon_0=-112.52116185" "x_0=0" "y_0=0" "ellps=GRS80" "units=m" "datum=NAD83" END SIZE 1500 1500 EXTENT -45292.7219576058 780481.616003812 45290.5126012127 871065.05991903 LAYER NAME "WMS_DRG" TYPE RASTER STATUS ON PROJECTION "proj=longlat" "ellps=GRS80" "datum=NAD83" "no_defs" END CONNECTION "http://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer?; CONNECTIONTYPE WMS METADATA "wms_srs" "EPSG:4326" "wms_name" "0" "wms_server_version" "1.1.1" "wms_format" "image/png" END END END *** PLEASE NOTE *** This message, along with any attachments, is for the designated recipient(s) only and may contain privileged, proprietary, or otherwise confidential information. If this message has reached you in error, kindly destroy it without review and notify the sender immediately. Any other use of such misdirected e-mail by you is prohibited. Where allowed by local law, electronic communications with Zurich and its affiliates, including e-mail and instant messaging (including content), may be scanned for the purposes of information security and assessment of internal compliance with company policy. ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] SSL curl error when hitting HTTP WMS
The WMS service that you mention redirects all requests to HTTPS: https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer? -jeff -- Jeff McKenna MapServer Consulting and Training Services co-founder of FOSS4G http://gatewaygeo.com/ On 2020-06-09 2:46 a.m., John Huotari wrote: I’m attempting to hit a WMS using HTTP, not HTTPS, but I run into the following SSL error HTTP: request failed with curl error code 60 (SSL certificate problem: unable to get local issuer certificate) I can get around this error by downloading a CA bundle file and setting the CURL_CA_BUNDLE environment variable to point to it, but why is a CA bundle file necessary when not even using SSL (hitting a WMS using HTTP, not HTTPS)? Does anyone know a workaround that wouldn’t require deploying a CA bundle file to my servers and setting an environment variable to point to it? I’m currently using the stable release of MSVC 2017 x64 package downloaded from GISInternals - http://www.gisinternals.com/release.php A sample mapfile looks like this MAP NAME USA1 STATUS ON IMAGETYPE PNG8 RESOLUTION 72 IMAGECOLOR 255 255 255 UNITS METERS PROJECTION "proj=lcc" "lat_1=20" "lat_2=60" "lat_0=40" "lon_0=-112.52116185" "x_0=0" "y_0=0" "ellps=GRS80" "units=m" "datum=NAD83" END SIZE 1500 1500 EXTENT -45292.7219576058 780481.616003812 45290.5126012127 871065.05991903 LAYER NAME "WMS_DRG" TYPE RASTER STATUS ON PROJECTION "proj=longlat" "ellps=GRS80" "datum=NAD83" "no_defs" END CONNECTION "http://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WmsServer?; CONNECTIONTYPE WMS METADATA "wms_srs" "EPSG:4326" "wms_name" "0" "wms_server_version" "1.1.1" "wms_format" "image/png" END END END ___ mapserver-users mailing list mapserver-users@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/mapserver-users