Re: [QGIS-Developer] QGIS Server - SSL handshake failed for cascading WMS

2018-06-03 Thread Anne Blankert
 I confirm that this procedure works.

Thanks!


2018-06-01 14:05 GMT+02:00 René-Luc Dhont :

> Hi all,
>
> To fix this issue, you have to add HOME environmental variable to a
> directory in which the directory .qgis2 is writable for the user used by
> QGIS Server, with Apache2, it's www-data.
>
> For exemple, do these commands:
> ```
> mkdir /srv/qgis/.qgis2
> chown www-data:www-data /srv/qgis/.qgis2
> chmod 774 /srv/qgis/.qgis2
> ```
>
> And add this in your apache virtual host:
> ```
> FcgidInitialEnv HOME "/srv/qgis"
> ```
>
> The documentation probably needs to be updated.
>
> Regards,
> René-Luc
>
>
> Le 14/05/2018 à 17:49, Alessandro Pasotti a écrit :
>
> And this:
>
> https://issues.qgis.org/issues/17951
>
> and this too:
>
> https://issues.qgis.org/issues/16462
>
>
>
> On Mon, May 14, 2018 at 4:58 PM, Régis Haubourg 
> wrote:
>
>> Hi Anne,
>> did you test QGIS 3.0 also?
>> Could you create an issue in issue.qgis.org tracker?
>>
>> I found that one, that seemed related https://issues.qgis.org/issues
>> /18634
>>
>> Regards,
>> Régis
>>
>> 2018-05-14 16:25 GMT+02:00 Anne Blankert :
>>
>>> Hello List,
>>>
>>> This question was already asked in Jan 2017, but no solution was posted.
>>> http://osgeo-org.1560.x6.nabble.com/QGIS-Server-SSL-handshak
>>> e-failed-for-cascading-WMS-td5305094.html
>>>
>>> The problem: if QGIS uses an HTTPS (SSL) WMS service, the WMS works
>>> nicely in QGIS desktop. However, if you use the same .qgs project file on
>>> QGIS Server, all requests to the HTTPS (SSL) WMS server result in an  SSL
>>> handshake error.
>>>
>>> This (still) happens on:
>>> Ubuntu 16.04
>>> QGIS server 2.18
>>> An example WMS https server showing the problem is:
>>> https://geodata.nationaalgeoregister.nl/bag/ows
>>>
>>> A workaround could be to use the HTTP version of the WMS instead of the
>>> HTTPS version. However, the capabilities of many HTTP services advertise
>>> the HTTPS version for the GETMAP, GETFEATUREINFO and GETLEGENDGRAPHIC
>>> endpoints.
>>>
>>> The SSL problem also arises when trying to use WFS services over HTTPS
>>> from QGIS Server.
>>>
>>> Is this a known problem? Is there a workaround? Should I file a bug
>>> report?
>>>
>>> Thanks,
>>>
>>> Anne
>>>
>>> ___
>>> QGIS-Developer mailing list
>>> QGIS-Developer@lists.osgeo.org
>>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>>
>>
>>
>> ___
>> QGIS-Developer mailing list
>> QGIS-Developer@lists.osgeo.org
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>
>
>
> --
> Alessandro Pasotti
> w3:   www.itopen.it
>
>
> ___
> QGIS-Developer mailing listqgis-develo...@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
>
> ___
> QGIS-Developer mailing list
> QGIS-Developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] QGIS Server - SSL handshake failed for cascading WMS

2018-06-01 Thread René-Luc Dhont

Hi all,

To fix this issue, you have to add HOME environmental variable to a 
directory in which the directory .qgis2 is writable for the user used by 
QGIS Server, with Apache2, it's www-data.


For exemple, do these commands:
```
mkdir /srv/qgis/.qgis2
chown www-data:www-data /srv/qgis/.qgis2
chmod 774 /srv/qgis/.qgis2
```

And add this in your apache virtual host:
```
FcgidInitialEnv HOME "/srv/qgis"
```

The documentation probably needs to be updated.

Regards,
René-Luc

Le 14/05/2018 à 17:49, Alessandro Pasotti a écrit :

And this:

https://issues.qgis.org/issues/17951

and this too:

https://issues.qgis.org/issues/16462



On Mon, May 14, 2018 at 4:58 PM, Régis Haubourg 
mailto:regis.haubo...@gmail.com>> wrote:


Hi Anne,
did you test QGIS 3.0 also?
Could you create an issue in issue.qgis.org
 tracker?

I found that one, that seemed related
https://issues.qgis.org/issues/18634


Regards,
Régis

2018-05-14 16:25 GMT+02:00 Anne Blankert mailto:anne.blank...@geodan.nl>>:

Hello List,

This question was already asked in Jan 2017, but no solution
was posted.

http://osgeo-org.1560.x6.nabble.com/QGIS-Server-SSL-handshake-failed-for-cascading-WMS-td5305094.html



The problem: if QGIS uses an HTTPS (SSL) WMS service, the WMS
works nicely in QGIS desktop. However, if you use the same
.qgs project file on QGIS Server, all requests to the HTTPS
(SSL) WMS server result in an  SSL handshake error.

This (still) happens on:
Ubuntu 16.04
QGIS server 2.18
An example WMS https server showing the problem is:
https://geodata.nationaalgeoregister.nl/bag/ows


A workaround could be to use the HTTP version of the WMS
instead of the HTTPS version. However, the capabilities of
many HTTP services advertise the HTTPS version for the GETMAP,
GETFEATUREINFO and GETLEGENDGRAPHIC endpoints.

The SSL problem also arises when trying to use WFS services
over HTTPS from QGIS Server.

Is this a known problem? Is there a workaround? Should I file
a bug report?

Thanks,

Anne

___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org

List info:
https://lists.osgeo.org/mailman/listinfo/qgis-developer

Unsubscribe:
https://lists.osgeo.org/mailman/listinfo/qgis-developer




___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org 
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Unsubscribe:
https://lists.osgeo.org/mailman/listinfo/qgis-developer





--
Alessandro Pasotti
w3: www.itopen.it 


___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer


___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] QGIS Server - SSL handshake failed for cascading WMS

2018-05-14 Thread Anne Blankert
Hello Régis,

I did not yet try QGIS server 3.0 on Ubuntu yet (not clear to me how to
install it, will look at it again).

Thanks for pointing me to the problem described on https://issues.qgis.org/
issues/18634, however, it seems to be different from the SSL handshake
problem: their server was requesting over HTTP because the HTTPS
capabilities were advertising HTTP services (which is a not a QGIS server
problem).



2018-05-14 16:58 GMT+02:00 Régis Haubourg :

> Hi Anne,
> did you test QGIS 3.0 also?
> Could you create an issue in issue.qgis.org tracker?
>
> I found that one, that seemed related https://issues.qgis.org/issues/18634
>
> Regards,
> Régis
>
> 2018-05-14 16:25 GMT+02:00 Anne Blankert :
>
>> Hello List,
>>
>> This question was already asked in Jan 2017, but no solution was posted.
>> http://osgeo-org.1560.x6.nabble.com/QGIS-Server-SSL-handshak
>> e-failed-for-cascading-WMS-td5305094.html
>>
>> The problem: if QGIS uses an HTTPS (SSL) WMS service, the WMS works
>> nicely in QGIS desktop. However, if you use the same .qgs project file on
>> QGIS Server, all requests to the HTTPS (SSL) WMS server result in an  SSL
>> handshake error.
>>
>> This (still) happens on:
>> Ubuntu 16.04
>> QGIS server 2.18
>> An example WMS https server showing the problem is:
>> https://geodata.nationaalgeoregister.nl/bag/ows
>>
>> A workaround could be to use the HTTP version of the WMS instead of the
>> HTTPS version. However, the capabilities of many HTTP services advertise
>> the HTTPS version for the GETMAP, GETFEATUREINFO and GETLEGENDGRAPHIC
>> endpoints.
>>
>> The SSL problem also arises when trying to use WFS services over HTTPS
>> from QGIS Server.
>>
>> Is this a known problem? Is there a workaround? Should I file a bug
>> report?
>>
>> Thanks,
>>
>> Anne
>>
>> ___
>> QGIS-Developer mailing list
>> QGIS-Developer@lists.osgeo.org
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>
>
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] QGIS Server - SSL handshake failed for cascading WMS

2018-05-14 Thread Alessandro Pasotti
And this:

https://issues.qgis.org/issues/17951

and this too:

https://issues.qgis.org/issues/16462



On Mon, May 14, 2018 at 4:58 PM, Régis Haubourg 
wrote:

> Hi Anne,
> did you test QGIS 3.0 also?
> Could you create an issue in issue.qgis.org tracker?
>
> I found that one, that seemed related https://issues.qgis.org/issues/18634
>
> Regards,
> Régis
>
> 2018-05-14 16:25 GMT+02:00 Anne Blankert :
>
>> Hello List,
>>
>> This question was already asked in Jan 2017, but no solution was posted.
>> http://osgeo-org.1560.x6.nabble.com/QGIS-Server-SSL-handshak
>> e-failed-for-cascading-WMS-td5305094.html
>>
>> The problem: if QGIS uses an HTTPS (SSL) WMS service, the WMS works
>> nicely in QGIS desktop. However, if you use the same .qgs project file on
>> QGIS Server, all requests to the HTTPS (SSL) WMS server result in an  SSL
>> handshake error.
>>
>> This (still) happens on:
>> Ubuntu 16.04
>> QGIS server 2.18
>> An example WMS https server showing the problem is:
>> https://geodata.nationaalgeoregister.nl/bag/ows
>>
>> A workaround could be to use the HTTP version of the WMS instead of the
>> HTTPS version. However, the capabilities of many HTTP services advertise
>> the HTTPS version for the GETMAP, GETFEATUREINFO and GETLEGENDGRAPHIC
>> endpoints.
>>
>> The SSL problem also arises when trying to use WFS services over HTTPS
>> from QGIS Server.
>>
>> Is this a known problem? Is there a workaround? Should I file a bug
>> report?
>>
>> Thanks,
>>
>> Anne
>>
>> ___
>> QGIS-Developer mailing list
>> QGIS-Developer@lists.osgeo.org
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>>
>
>
> ___
> QGIS-Developer mailing list
> QGIS-Developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>



-- 
Alessandro Pasotti
w3:   www.itopen.it
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [QGIS-Developer] QGIS Server - SSL handshake failed for cascading WMS

2018-05-14 Thread Régis Haubourg
Hi Anne,
did you test QGIS 3.0 also?
Could you create an issue in issue.qgis.org tracker?

I found that one, that seemed related https://issues.qgis.org/issues/18634

Regards,
Régis

2018-05-14 16:25 GMT+02:00 Anne Blankert :

> Hello List,
>
> This question was already asked in Jan 2017, but no solution was posted.
> http://osgeo-org.1560.x6.nabble.com/QGIS-Server-SSL-handshak
> e-failed-for-cascading-WMS-td5305094.html
>
> The problem: if QGIS uses an HTTPS (SSL) WMS service, the WMS works nicely
> in QGIS desktop. However, if you use the same .qgs project file on QGIS
> Server, all requests to the HTTPS (SSL) WMS server result in an  SSL
> handshake error.
>
> This (still) happens on:
> Ubuntu 16.04
> QGIS server 2.18
> An example WMS https server showing the problem is:
> https://geodata.nationaalgeoregister.nl/bag/ows
>
> A workaround could be to use the HTTP version of the WMS instead of the
> HTTPS version. However, the capabilities of many HTTP services advertise
> the HTTPS version for the GETMAP, GETFEATUREINFO and GETLEGENDGRAPHIC
> endpoints.
>
> The SSL problem also arises when trying to use WFS services over HTTPS
> from QGIS Server.
>
> Is this a known problem? Is there a workaround? Should I file a bug report?
>
> Thanks,
>
> Anne
>
> ___
> QGIS-Developer mailing list
> QGIS-Developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
___
QGIS-Developer mailing list
QGIS-Developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] QGIS Server - SSL handshake failed for cascading WMS

2017-01-31 Thread Neumann, Andreas
Hi Larry, 

Thank you for your reply! 

It is actually a chain with an intermediate CA. So maybe I just hit the
issue you also discovered? 

It is about this URL/certificate: https://services.geo.zg.ch/ 

Root CA: SwissSign Silver G2 Root CA
Intermediate CA: Swiss Sign Silver CA 2014 - G22
SSL Certificate: services.geo.zg.ch 

So I will try do have a look at the workaround or fall back to http only
- because I can control both servers. 

Thanks, 

Andreas 

On 2017-01-27 21:49, Larry Shaffer wrote:

> Hi Andreas, 
> 
> On Fri, Jan 27, 2017 at 8:48 AM, Neumann, Andreas  wrote:
> 
>> Some more information on my server: 
>> 
>> Linux CentOS7 
>> 
>> qt 4.8.5 
>> 
>> The server only allows tls connections, no SSLv2/3 or such vulnerable stuff. 
>> Perhaps qt is too old to properly support tls ciphers? 
>> 
>> Can I add an SSL "do not check exception" for specific connections of QGIS 
>> server? 
>> 
>> If yes - how would I configure that for QGIS server?
> 
> Qt 4.8 can definitely use TLS, and can be configured (in a SSL Server 
> configuration) to connect to the WMS endpoint how you feel is appropriate, 
> including ignoring specific SSL errors. This assumes you are cascading by 
> configuring a QGIS project with a WMS layer and then, in turn, serving again 
> via WMS through QGIS Server. If so, you should be able to use the 
> authentication system to solve the connection issues. However, you will need 
> to have the authentication database available to QGIS Server as well, via env 
> variable, because the SSL Server configurations are stored in it. 
> 
> Recently (last week), I noticed a possible bug in the auth system whereby the 
> SSL endpoint connected to will throw an SSL error when the endpoint has 
> intermediate certificates that are not stored in QGIS's Authorities tab. 
> Usually, validation would not check for trust of intermediates, only whether 
> a given cert in the chain is valid for the particular use and the eventual 
> trustworthiness of its root Certificate Authority. Essentially, any 
> intermediates need to be trusted as roots CAs until this is fixed. 
> 
> In this case, for a workaround, you will need to either add the intermediate 
> certificates to OpenSSL's referenced trusted roots file/directory, or add 
> them to your Authorities tab in QGIS (which adds them to the authentication 
> database as trusted, by default) then ensure the auth database can be used by 
> QGIS Server for the project. 
> 
> I would need to know more about your particular SSL setup to give any further 
> suggestions here. Unfortunately, "SSL handshake failed" is a too vague, and I 
> am only guessing at the problem above. 
> 
> Regards, 
> 
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota 
> 
> Thanks for any hints, 
> 
> Andreas
> 
> On 2017-01-27 16:31, Neumann, Andreas wrote: 
> 
> Hi, 
> 
> I want to use a cascading WMS in QGIS server. I know it is not ideal, 
> perfomance wise, but it would be only for printing. 
> 
> Problem is that the WMS uses https and QGIS server can't connect. The QGIS 
> server log shows a connect error: 
> 
> Download of capabilities failed: SSL handshake failed 
> 
> curl or wget on the same server works fine with the same ssl connection. 
> 
> Anyone knows how I can overcome this SSL handshake issue? Do I need to set up 
> a separate certificat chain for QGIS server? I hope not ... 
> 
> Thanks for any hints, 
> 
> Andreas
> 
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer [1]
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer [1] 
> 
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer [1]
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer [1]

  

Links:
--
[1] https://lists.osgeo.org/mailman/listinfo/qgis-developer
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] QGIS Server - SSL handshake failed for cascading WMS

2017-01-27 Thread Larry Shaffer
Hi Andreas,

On Fri, Jan 27, 2017 at 8:48 AM, Neumann, Andreas 
wrote:

> Some more information on my server:
>
> Linux CentOS7
>
> qt 4.8.5
>
> The server only allows tls connections, no SSLv2/3 or such vulnerable
> stuff. Perhaps qt is too old to properly support tls ciphers?
>
> Can I add an SSL "do not check exception" for specific connections of QGIS
> server?
>
> If yes - how would I configure that for QGIS server?
>
> Qt 4.8 can definitely use TLS, and can be configured (in a SSL Server
configuration) to connect to the WMS endpoint how you feel is appropriate,
including ignoring specific SSL errors. This assumes you are cascading by
configuring a QGIS project with a WMS layer and then, in turn, serving
again via WMS through QGIS Server. If so, you should be able to use the
authentication system to solve the connection issues. However, you will
need to have the authentication database available to QGIS Server as well,
via env variable, because the SSL Server configurations are stored in it.

Recently (last week), I noticed a possible bug in the auth system whereby
the SSL endpoint connected to will throw an SSL error when the endpoint has
intermediate certificates that are not stored in QGIS's Authorities tab.
Usually, validation would not check for trust of intermediates, only
whether a given cert in the chain is valid for the particular use and the
eventual trustworthiness of its root Certificate Authority. Essentially,
any intermediates need to be trusted as roots CAs until this is fixed.

In this case, for a workaround, you will need to either add the
intermediate certificates to OpenSSL's referenced trusted roots
file/directory, or add them to your Authorities tab in QGIS (which adds
them to the authentication database as trusted, by default) then ensure the
auth database can be used by QGIS Server for the project.

I would need to know more about your particular SSL setup to give any
further suggestions here. Unfortunately, "SSL handshake failed" is a too
vague, and I am only guessing at the problem above.

Regards,

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota


> Thanks for any hints,
>
> Andreas
>
> On 2017-01-27 16:31, Neumann, Andreas wrote:
>
> Hi,
>
> I want to use a cascading WMS in QGIS server. I know it is not ideal,
> perfomance wise, but it would be only for printing.
>
> Problem is that the WMS uses https and QGIS server can't connect. The QGIS
> server log shows a connect error:
>
> Download of capabilities failed: SSL handshake failed
>
> curl or wget on the same server works fine with the same ssl connection.
>
> Anyone knows how I can overcome this SSL handshake issue? Do I need to set
> up a separate certificat chain for QGIS server? I hope not ...
>
> Thanks for any hints,
>
> Andreas
>
>
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
>
>
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] QGIS Server - SSL handshake failed for cascading WMS

2017-01-27 Thread G. Allegri
Network management of QGIS Server is definetely week. We alse faced this
issue and I thought to bypass it setting a proxy... but it isn't possibile
to set a proxy for QGIS Server to use (as you can do in QGIS).
So neither SSL nor a proxy can be configured. I suggest to add this to the
ongoing server refactoring...

giovanni

Il 27 gen 2017 16:48, "Neumann, Andreas"  ha scritto:

> Some more information on my server:
>
> Linux CentOS7
>
> qt 4.8.5
>
> The server only allows tls connections, no SSLv2/3 or such vulnerable
> stuff. Perhaps qt is too old to properly support tls ciphers?
>
> Can I add an SSL "do not check exception" for specific connections of QGIS
> server?
>
> If yes - how would I configure that for QGIS server?
>
> Thanks for any hints,
>
> Andreas
>
> On 2017-01-27 16:31, Neumann, Andreas wrote:
>
> Hi,
>
> I want to use a cascading WMS in QGIS server. I know it is not ideal,
> perfomance wise, but it would be only for printing.
>
> Problem is that the WMS uses https and QGIS server can't connect. The QGIS
> server log shows a connect error:
>
> Download of capabilities failed: SSL handshake failed
>
> curl or wget on the same server works fine with the same ssl connection.
>
> Anyone knows how I can overcome this SSL handshake issue? Do I need to set
> up a separate certificat chain for QGIS server? I hope not ...
>
> Thanks for any hints,
>
> Andreas
>
>
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
>
>
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Re: [Qgis-developer] QGIS Server - SSL handshake failed for cascading WMS

2017-01-27 Thread Neumann, Andreas
Some more information on my server: 

Linux CentOS7 

qt 4.8.5 

The server only allows tls connections, no SSLv2/3 or such vulnerable
stuff. Perhaps qt is too old to properly support tls ciphers? 

Can I add an SSL "do not check exception" for specific connections of
QGIS server? 

If yes - how would I configure that for QGIS server? 

Thanks for any hints, 

Andreas 

On 2017-01-27 16:31, Neumann, Andreas wrote:

> Hi, 
> 
> I want to use a cascading WMS in QGIS server. I know it is not ideal, 
> perfomance wise, but it would be only for printing. 
> 
> Problem is that the WMS uses https and QGIS server can't connect. The QGIS 
> server log shows a connect error: 
> 
> Download of capabilities failed: SSL handshake failed 
> 
> curl or wget on the same server works fine with the same ssl connection. 
> 
> Anyone knows how I can overcome this SSL handshake issue? Do I need to set up 
> a separate certificat chain for QGIS server? I hope not ... 
> 
> Thanks for any hints, 
> 
> Andreas
> 
> ___
> Qgis-developer mailing list
> Qgis-developer@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

  ___
Qgis-developer mailing list
Qgis-developer@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer