[QGIS-Developer] CURL error - SSL certificate problem with QGIS compiled against newer GDAL versions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[QGIS-Developer] CURL error - SSL certificate problem with QGIS compiled against newer GDAL versions

Pedro Venâncio-2
Hi all,

There is an issue when accessing data thru HTTPS protocol, using GDAL 2.4.1 (and possibly versions older than this one) - OSGeo4W:

Invalid Layer: GDAL provider Cannot open GDAL dataset /vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif: CURL error: SSL certificate problem: unable to get local issuer certificate (file: ..\..\..\src\providers\gdal\qgsgdalprovider.cpp row: 2642function QgsGdalProvider::initIfNeeded:) Raster layer Provider is not valid (provider: gdal, URI: /vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif (file: ..\..\..\src\core\raster\qgsrasterlayer.cpp row: 627function QgsRasterLayer::setDataProvider:)

C:\>gdalinfo --version
GDAL 2.4.1, released 2019/03/15

C:\>gdalinfo /vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif
ERROR 11: CURL error: SSL certificate problem: unable to get local issuer certificate
gdalinfo failed - unable to open '/vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif'.


Using ' --config GDAL_HTTP_UNSAFESSL YES', as suggested in GDAL mailing list, solves the problem in the CLI, but not the access in QGIS.

C:\>gdalinfo --config GDAL_HTTP_UNSAFESSL YES /vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif
Driver: GTiff/GeoTIFF
Files: /vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif
Size is 31065, 60493
Coordinate System is:
PROJCS["ETRS89 / Portugal TM06",
    GEOGCS["ETRS89",
        DATUM["European_Terrestrial_Reference_System_1989",
            SPHEROID["GRS 1980",6378137,298.257222101,
                AUTHORITY["EPSG","7019"]],
            TOWGS84[0,0,0,0,0,0,0],
            AUTHORITY["EPSG","6258"]],
        PRIMEM["Greenwich",0,
            AUTHORITY["EPSG","8901"]],
        UNIT["degree",0.0174532925199433,
            AUTHORITY["EPSG","9122"]],
        AUTHORITY["EPSG","4258"]],
    PROJECTION["Transverse_Mercator"],
    PARAMETER["latitude_of_origin",39.66825833333333],
    PARAMETER["central_meridian",-8.133108333333334],
    PARAMETER["scale_factor",1],
    PARAMETER["false_easting",0],
    PARAMETER["false_northing",0],
    UNIT["metre",1,
        AUTHORITY["EPSG","9001"]],
    AXIS["X",EAST],
    AXIS["Y",NORTH],
    AUTHORITY["EPSG","3763"]]
Origin = (-127786.591583720612107,297279.380753421806730)
Pixel Size = (10.002778289544233,-10.002778289544233)
Metadata:
  AREA_OR_POINT=Area
Image Structure Metadata:
  COMPRESSION=JPEG
  INTERLEAVE=PIXEL
Corner Coordinates:
Upper Left  ( -127786.592,  297279.381) (  9d41' 1.00"W, 42d20' 4.79"N)
Lower Left  ( -127786.592, -307818.686) (  9d33'59.60"W, 36d53'11.46"N)
Upper Right (  182949.716,  297279.381) (  5d54'49.30"W, 42d19'25.19"N)
Lower Right (  182949.716, -307818.686) (  6d 4'52.23"W, 36d52'38.80"N)
Center      (   27581.562,   -5269.653) (  7d48'42.80"W, 39d37'13.27"N)
Band 1 Block=31065x16 Type=Byte, ColorInterp=Red
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
  Mask Flags: PER_DATASET ALPHA
  Overviews of mask band: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
Band 2 Block=31065x16 Type=Byte, ColorInterp=Green
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
  Mask Flags: PER_DATASET ALPHA
  Overviews of mask band: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
Band 3 Block=31065x16 Type=Byte, ColorInterp=Blue
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
  Mask Flags: PER_DATASET ALPHA
  Overviews of mask band: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
Band 4 Block=31065x16 Type=Byte, ColorInterp=Alpha
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237

This does not happen in QGIS compiled against older versions of GDAL. For instance, I've QGIS LTR in a Linux machine, compiled against GDAL 2.2.2, and the same dataset loads ok. The same in the CLI.

pedro@omen ~ $ gdalinfo --version
GDAL 2.2.2, released 2017/09/15

pedro@omen ~ $ gdalinfo /vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif
Driver: GTiff/GeoTIFF
Files: /vsicurl/https://cld.pt/dl/download/43299142-3a39-40f1-b3d1-3248611c7ec4/S2B_20190907_Mosaico_Portugal_Continental_RGB_12_8_4_3763.tif
Size is 31065, 60493
Coordinate System is:
PROJCS["ETRS89 / Portugal TM06",
    GEOGCS["ETRS89",
        DATUM["European_Terrestrial_
Reference_System_1989",
            SPHEROID["GRS 1980",6378137,298.257222101,
                AUTHORITY["EPSG","7019"]],
            TOWGS84[0,0,0,0,0,0,0],
            AUTHORITY["EPSG","6258"]],
        PRIMEM["Greenwich",0,
            AUTHORITY["EPSG","8901"]],
        UNIT["degree",0.
0174532925199433,
            AUTHORITY["EPSG","9122"]],
        AUTHORITY["EPSG","4258"]],
    PROJECTION["Transverse_
Mercator"],
    PARAMETER["latitude_of_origin"
,39.66825833333333],
    PARAMETER["central_meridian",-
8.133108333333334],
    PARAMETER["scale_factor",1],
    PARAMETER["false_easting",0],
    PARAMETER["false_northing",0],
    UNIT["metre",1,
        AUTHORITY["EPSG","9001"]],
    AXIS["X",EAST],
    AXIS["Y",NORTH],
    AUTHORITY["EPSG","3763"]]
Origin = (-127786.591583720612107,
297279.380753421806730)
Pixel Size = (10.002778289544233,-10.
002778289544233)
Metadata:
  AREA_OR_POINT=Area
Image Structure Metadata:
  COMPRESSION=JPEG
  INTERLEAVE=PIXEL
Corner Coordinates:
Upper Left  ( -127786.592,  297279.381) (  9d41' 1.00"W, 42d20' 4.79"N)
Lower Left  ( -127786.592, -307818.686) (  9d33'59.60"W, 36d53'11.46"N)
Upper Right (  182949.716,  297279.381) (  5d54'49.30"W, 42d19'25.19"N)
Lower Right (  182949.716, -307818.686) (  6d 4'52.23"W, 36d52'38.80"N)
Center      (   27581.562,   -5269.653) (  7d48'42.80"W, 39d37'13.27"N)
Band 1 Block=31065x16 Type=Byte, ColorInterp=Red
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
  Mask Flags: PER_DATASET ALPHA
  Overviews of mask band: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
Band 2 Block=31065x16 Type=Byte, ColorInterp=Green
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
  Mask Flags: PER_DATASET ALPHA
  Overviews of mask band: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
Band 3 Block=31065x16 Type=Byte, ColorInterp=Blue
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
  Mask Flags: PER_DATASET ALPHA
  Overviews of mask band: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237
Band 4 Block=31065x16 Type=Byte, ColorInterp=Alpha
  Overviews: 15533x30247, 7767x15124, 3884x7562, 1942x3781, 971x1891, 486x946, 243x473, 122x237

So, I assume that the SSL certificates are only checked in most recent versions of GDAL (for sure > 2.2.2).

In this way, how can QGIS deal with that? Maybe inserting an option to get the curl library to skip SSL host / certificate verification (GDAL_HTTP_UNSAFESSL)? Or maybe that would not be a good politic, skipping SSL verification...

Thank you very much!

Best regards,
Pedro Venâncio


_______________________________________________
QGIS-Developer mailing list
[hidden email]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer