Re: [Qgis-user] GDAL and https links on qgis
Ok, thanks for the info. On Mon, Oct 29, 2018 at 3:06 PM Luigi Pirelli wrote: > the main problem is that Windows have only a limited list of thrusted CAs > in a default installation. Thrusted CA are added atuomatically through a > remote query to some m$ service when you browse an URl with a WinApi > capable browser... eg. Explorer (end if I remember well also WinApi) > So the only way is to "hide" this underground handshake using a adhoc win > code using WinApi to load CA or using (if it works) CURL. > > So the anwer is... not so simple, and you should thrust the M$ service > that thrust the CAs. No idea what is the best solution. > > Luigi Pirelli > > > ** > * LinkedIn: https://www.linkedin.com/in/luigipirelli > * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli > * GitHub: https://github.com/luipir > * Mastering QGIS 2nd Edition: > * > https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition > * Hire me: http://goo.gl/BYRQKg > > ** > > > On Mon, 29 Oct 2018 at 11:37, Guy Doulberg wrote: > >> Hi >> >> I am working on a project that releases big raster imagery, >> >> I am trying to create a product that can be used in qgis. >> >> The product I had in mind is a raster (VRT) served from the an https >> endpoint referred by local vrt file >> >> I think the issue is relevant to anyone using "/vsicurl/https://..."; >> rasters or even vectors not only vrt. >> >> I tested this product on my 3.4 and 2.18 qgis on linux and it worked with >> no problem >> >> But then I tested in on qgis 2.18 and 3.4 on Windows and it turned out >> there were the following failures: >> >> SSL certificate problem: unable to get local issuer certificate >> >> It can be fixed by setting CURL_CA_BUNDLE to a certificate bundle either >> I downloaded from Mozilla site or from the OS itself. >> >> Can you think of A more elegant solution? I don't like the idea that I >> will need to tell my users to hassle with these settings >> >> And I don't like the idea of using http, to the data of those products. >> >> Maybe that is more a request for the qgis-dev mailing list, but is there >> a way to compile qgis with gdal that already has all the certificates >> authorities? >> >> Thanks, Guy >> >> ___ >> Qgis-user mailing list >> Qgis-user@lists.osgeo.org >> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user >> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user > > ___ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
Re: [Qgis-user] GDAL and https links on qgis
the main problem is that Windows have only a limited list of thrusted CAs in a default installation. Thrusted CA are added atuomatically through a remote query to some m$ service when you browse an URl with a WinApi capable browser... eg. Explorer (end if I remember well also WinApi) So the only way is to "hide" this underground handshake using a adhoc win code using WinApi to load CA or using (if it works) CURL. So the anwer is... not so simple, and you should thrust the M$ service that thrust the CAs. No idea what is the best solution. Luigi Pirelli ** * LinkedIn: https://www.linkedin.com/in/luigipirelli * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli * GitHub: https://github.com/luipir * Mastering QGIS 2nd Edition: * https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition * Hire me: http://goo.gl/BYRQKg ** On Mon, 29 Oct 2018 at 11:37, Guy Doulberg wrote: > Hi > > I am working on a project that releases big raster imagery, > > I am trying to create a product that can be used in qgis. > > The product I had in mind is a raster (VRT) served from the an https > endpoint referred by local vrt file > > I think the issue is relevant to anyone using "/vsicurl/https://..."; > rasters or even vectors not only vrt. > > I tested this product on my 3.4 and 2.18 qgis on linux and it worked with > no problem > > But then I tested in on qgis 2.18 and 3.4 on Windows and it turned out > there were the following failures: > > SSL certificate problem: unable to get local issuer certificate > > It can be fixed by setting CURL_CA_BUNDLE to a certificate bundle either > I downloaded from Mozilla site or from the OS itself. > > Can you think of A more elegant solution? I don't like the idea that I > will need to tell my users to hassle with these settings > > And I don't like the idea of using http, to the data of those products. > > Maybe that is more a request for the qgis-dev mailing list, but is there a > way to compile qgis with gdal that already has all the certificates > authorities? > > Thanks, Guy > > ___ > Qgis-user mailing list > Qgis-user@lists.osgeo.org > List info: https://lists.osgeo.org/mailman/listinfo/qgis-user > Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user ___ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
[Qgis-user] GDAL and https links on qgis
Hi I am working on a project that releases big raster imagery, I am trying to create a product that can be used in qgis. The product I had in mind is a raster (VRT) served from the an https endpoint referred by local vrt file I think the issue is relevant to anyone using "/vsicurl/https://..."; rasters or even vectors not only vrt. I tested this product on my 3.4 and 2.18 qgis on linux and it worked with no problem But then I tested in on qgis 2.18 and 3.4 on Windows and it turned out there were the following failures: SSL certificate problem: unable to get local issuer certificate It can be fixed by setting CURL_CA_BUNDLE to a certificate bundle either I downloaded from Mozilla site or from the OS itself. Can you think of A more elegant solution? I don't like the idea that I will need to tell my users to hassle with these settings And I don't like the idea of using http, to the data of those products. Maybe that is more a request for the qgis-dev mailing list, but is there a way to compile qgis with gdal that already has all the certificates authorities? Thanks, Guy ___ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
