From 750f47df8e12e285d3e278c57390ac05cb1ddc8f Mon Sep 17 00:00:00 2001 From: Martijn Visser Date: Mon, 17 Aug 2020 19:55:49 +0200 Subject: [PATCH] configure path to CA certificates This will allow opening datasets directly from URLs. See also https://trac.osgeo.org/gdal/ticket/6732 --- Project.toml | 1 + src/GDAL.jl | 4 ++++ test/drivers.jl | 7 +++++++ 3 files changed, 12 insertions(+) diff --git a/Project.toml b/Project.toml index 03be123..622e331 100644 --- a/Project.toml +++ b/Project.toml @@ -8,6 +8,7 @@ version = "1.1.3" [deps] CEnum = "fa961155-64e5-5f13-b03f-caf6b980ea82" GDAL_jll = "a7073274-a066-55f0-b90d-d619367d196c" +MozillaCACerts_jll = "14a3606d-f60d-562e-9121-12d972cd8159" PROJ_jll = "58948b4f-47e0-5654-a9ad-f609743f8632" [compat] diff --git a/src/GDAL.jl b/src/GDAL.jl index 7c911e9..bd49362 100644 --- a/src/GDAL.jl +++ b/src/GDAL.jl @@ -2,6 +2,7 @@ module GDAL using PROJ_jll using GDAL_jll +using MozillaCACerts_jll using CEnum const Ctm = Base.Libc.TmStruct @@ -44,6 +45,9 @@ function __init__() GDAL_DATA[] = joinpath(GDAL_jll.artifact_dir, "share", "gdal") cplsetconfigoption("GDAL_DATA", GDAL_DATA[]) + # set path to CA certificates + cplsetconfigoption("CURL_CA_BUNDLE", cacert) + # set PROJ_LIB location, this overrides setting the environment variable PROJ_LIB[] = joinpath(PROJ_jll.artifact_dir, "share", "proj") osrsetprojsearchpaths([PROJ_LIB[]]) diff --git a/test/drivers.jl b/test/drivers.jl index 76a97e3..20d947e 100644 --- a/test/drivers.jl +++ b/test/drivers.jl @@ -46,3 +46,10 @@ available_drivers = [ for drivername in available_drivers @test GDAL.gdalgetdriverbyname(drivername) != C_NULL end + +# errors with BADCERT_NOT_TRUSTED if the CA certificate paths is not properly configured +landsat = "https://landsat-pds.s3.amazonaws.com/L8/139/045/LC81390452014295LGN00/LC81390452014295LGN00_B1.TIF" +ds_landsat = GDAL.gdalopen(string("/vsicurl/", landsat), GDAL.GA_ReadOnly) +GDAL.gdalclose(ds_landsat) +# actually also works without the /vsicurl/ prefix, but takes 50s versus 1s, so let's +# not waste CI time. (it's probably downloading the whole file)