Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix handling of CURLOPT_CAINFO and CURLOPT_CAPATH #2690

Merged
merged 3 commits into from
May 30, 2023
Merged

Fix handling of CURLOPT_CAINFO and CURLOPT_CAPATH #2690

merged 3 commits into from
May 30, 2023

Conversation

DennisHeimbigner
Copy link
Collaborator

re: Issue Unidata/netcdf4-python#1246

This provides a partial solution to the above PR.
The underlying problem is with libcurl, but at least a
workaround should be possible by creating a "~/.ncrc" file
containing the line "HTTP.SSL_CAINFO=<path to the cert (.crt) file>".
This was not working for obscure reasons. This PR should fix it.

Misc. Other Changes

  • Update/fix configure.ac to properly test for libcurl version >= 7.66.0
  • Update include/netcdf_json.h
  • Remove use of strlcat from plugins.
  • Fix applicability of .rc file entries

@DennisHeimbigner
Fix handling of CURLOPT_CAINFO and CURLOPT_CAPATH
fc796b3 
re: Issue Unidata/netcdf4-python#1246

This provides a **partial** solution to the above PR.
The underlying problem is with libcurl, but at least a
workaround should be possible by creating a "~/.ncrc" file
containing the line "HTTP.SSL_CAINFO=\<path to the cert (.crt) file\>".
This was not working for obscure reasons. This PR should fix it.

## Misc. Other Changes

* Update/fix configure.ac to properly test for libcurl version >= 7.66.0
* Update include/netcdf_json.h
* Remove use of strlcat from plugins.
* Fix applicability of .rc file entries
@DennisHeimbigner DennisHeimbigner mentioned this pull request Apr 29, 2023
Closed
@jswhit
Copy link

jswhit commented Apr 29, 2023

Thanks @DennisHeimbigner for fixing this! Would it be possible to add a netcdf API function for setting the cert path programatically? That way the python package could use certifi to determine the location of the cert files and set the path on import, without requiring any action by the user. This is what was done in the PROJ C lib (OSGeo/PROJ#2320) when a similar problem was encountered in the python interface.

@DennisHeimbigner
Copy link
Collaborator Author

I think you can already do this. The netcdf.h API includes the following function:

/* Programmatic access to the internal .rc table /
...
/ Set/overwrite the value corresponding to key /
EXTERNL int nc_rc_set(const char key, const char* value);

You should be able to call "nc_rc_set("HTTP.SSL.CAINFO",<path to .crt file>)
You just need to make sure you do this before you do any other actions.

@jswhit jswhit mentioned this pull request May 1, 2023
Closed
@jswhit jswhit mentioned this pull request May 17, 2023
Merged
@jswhit
Copy link

jswhit commented May 25, 2023

it would be nice to get this merged soon so I can build new netcdf4-python wheels that work with https URLs

@WardF WardF self-assigned this May 30, 2023
@WardF WardF merged commit 43b03a4 into Unidata:main May 30, 2023
@DennisHeimbigner DennisHeimbigner mentioned this pull request May 30, 2023
Closed
@Alexander-Barth Alexander-Barth mentioned this pull request May 31, 2023
Merged
@DennisHeimbigner DennisHeimbigner deleted the verifyhost.dmh branch June 12, 2023 19:01
mulimoen added a commit to mulimoen/netcdf-c that referenced this pull request May 5, 2024
@mulimoen
Fix curl CAPATH/CAINFO
cbf1282 
See Unidata#2690
@ocefpaf ocefpaf mentioned this pull request Jun 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WardF WardF WardF approved these changes

Assignees

@WardF WardF

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DennisHeimbigner @jswhit @WardF