Wednesday, December 22, 2010

Daily built binary packages for MapServer with OpenSSL support

SSL support has been added to the daily built binaries which provides the option to access a secure WMS/WFS server on Windows. Here are the key steps to configure this option in your Mapserver/Mapscript installation:

1. Configure the mapfile with one or more WMS/WFS client layer

This will require to configure a layer with 'CONNECTIONTYPE WMS' or 'CONNECTIONTYPE WFS' and set up your connection information according to the following fragment:

LAYER
    CONNECTION "https://www.secureservice.com/service?"
    CONNECTIONTYPE WMS
    METADATA
      "wms_srs"    "EPSG:4326"
      "wms_name"    "NAME"
      "wms_format"    "image/png"
      "wms_server_version"    "1.1.1"
      "wms_auth_username" "username"
      "wms_auth_password" "password"
  END
    TYPE RASTER
    ...
  END


2. Make sure to install all the required files in your deployment

For the SSL support you require to install libeay32.dll and ssleay32.dll along with libcurl.dll in the run-time configuration. Without having OpenSSL added to the builds you got the following error:

msHTTPExecuteRequests(): HTTP request error. HTTP: request failed with curl error code 1 (Protocol https not supported or disabled in libcurl)

3. Set up the cerificate bundle along with your installation.

In short it will require to set up the CURL_CA_BUNDLE environment variable to point to the location of the .crt file. You can find this file (curl-ca-bundle.crt) in the /bin/curl folder of the binary packages mentioned above. The file contains the most recent version of http://curl.haxx.se/ca/cacert.pem (at the time of the nightly build).

Note: CURL_CA_BUNDLE can be set up system wide (in My Computer->Properties), however you may prefer to apply this environment setting only for the process hosting the mapserver libraries so as not to cause side effects for other applications using libcurl and openSSL. The main issue here is that most of the libararies use getenv to retrieve the environment setting, which operates only on the data structures accessible to the run-time library (msvcrt) and not on the environment "segment" created for the process by the operating system. In this regard the libraries work only on a snapshot of the variables that have been set during the process startup. In this regard you may choose to set up the environment before the process has been started (by using a startup script) or use _putenv to set up the environment variable at run time. I will be trying to discuss this topic in more detail in a subsequent post.

You may check whether your WMS/WFS server is working with the standalone installation of curl.exe in the binary packages and open an SDK command prompt by using SDKShell.bat supported with the packages. In the command prompt you may use a valid url to your service, like:

 curl "https://username:password@www.secureservice.com/service?..."

At this point if you get valid data response you may omit the following step.

4. Extract the certificate entry from the server

In the previous step if you get the following error, your remote server probably use a self-signed SSL certificate and the server certificate is not included in your CA bundle file.

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


To get the remote server certificate you may use openssl.exe in the command prompt (also included in the daily buillt packages) according to the folowing example (you may probably use the default SSL port:443 in most cases):

  openssl s_client -connect www.secureservice.com:443

Copy all from "-----BEGIN CERTIFICATE-----" tag to "-----END CERTIFICATE-----" tag. Paste it at the end of the curl-ca-bundle.crt file, and repeat #3 to make sure the certificate data is now working.

50 comments:

  1. When running MapServer on IIS (from your build packages), the CURL_CA_BUNDLE is always empty even if this is set in the Windows environment properties (tried Windows 7, Win Server 2008R2, and 6.4 builds for MSVCR 2008 and 2013).

    I tried setting the fastCgi environmentVariables but these are also not picked up. Could this be related to what you wrote - "most of the libraries use getenv..which operates only on the data structures accessible to the run-time library (msvcrt) and not on the environment "segment"

    There are more details at http://lists.osgeo.org/pipermail/mapserver-users/2015-February/077419.html

    Has anyone successfully used environmentVariables and FastCGI on Windows?

    ReplyDelete
    Replies
    1. Responsive and the most reflective topic it is, but also get involve in the most desiring dissertation writing help to get the most effective Thesis easily in all over the UAE.

      Delete
  2. Brilliant content is sometimes impossible to find! To protect you Galaxy Note 8 phone, you can use Samsung Galaxy Note 8 Cases.

    ReplyDelete
  3. It is a fantastic post – immense clear and easy to understand. I am also holding out for the sharks too that made me laugh. BinaryStrategy

    ReplyDelete
  4. It is a great website.. The Design looks very good.. Keep working like that!. recover money lost to binary options

    ReplyDelete
  5. It is even a good way for the fan to enjoy the Super Bowl 2020 Live Stream game even if you do not wish to opt for any contract cable. Not only Super Bowl live, but you can also enjoy the different sporting events on the television. You simply need a good connection along with the Sling Blue Package.

    ReplyDelete
  6. Ingatlah ini dalam pikiran Anda saat merancang keputusan ini pasti terakhir. Kartu slot online terbaru debit hanyalah kartu yang akan diterbitkan oleh bank yang memungkinkan situs slot online siapa pun untuk mengelola dana dan memasukkannya ke banyak catatan lain secara elektronik. Mengenai debit akses situs slot online yang prabayar sebenarnya fungsinya sama.

    ReplyDelete
  7. QuickBooks is the accounting tool and there is other tool quicken and the difference is the quicken is small hand made accounting tool as quickbooks is hardcore bug accounting tool in comparison of quicken mileage tracker

    ReplyDelete
  8. Whenever I try to configure the SSL on my router, it always shows me apache configuration error AH02572. What does it exactly mean, and how can I fix it forever? Assignment Writing Service

    ReplyDelete
  9. Mynordstrom employees portal provide a variety of options for their employees self-service. They are simple and easy to manage and can be used instead of unnecessary paperwork. Portal is increasing day by day, becoming central to business transactions.

    ReplyDelete
  10. it is the first and foremost duty of parents to select a meaningful and beautiful name for the baby. Moreover, parents are not selecting common names for the babies but find unique names for them using various name combiner for baby.

    ReplyDelete
  11. Thank you for sharing such a nice and informative article with us. It was very interesting. Although this topic is usually interesting, your interesting writing makes it even more interesting. Thanks again for what you’ve done. medikush.

    ReplyDelete
  12. Business structure of the company
    Before starting a business or even choosing a jurisdiction, you need to plan a corporate structure for your business and based on that determine the purpose of the business you wish to start. It is important to understand the business structure of your company as this will determine the jurisdiction and type of company you choose to best meet your needs.
    A company’s business structure is its primary function within the wider corporate structure of your business. On this basis, we can identify the following company types:

    Trading company
    Online trading company
    Holding company
    Foundation
    Trust

    http://www.confiduss.com/en/services/incorporation/purpose/

    ReplyDelete
  13. Thanks for sharing these. If you want to know more about it you can go to whatsapp social network. Download fm whatsapp on https://yowaplus.net/fm-whatsapp.html to be safe. I tried it and it's great.

    ReplyDelete
  14. If you get the following issue during the previous stage, your remote server is most likely using a self-signed SSL certificate, Best Accounting Firms In Dubai and your CA bundle file does not contain the server certificate.

    ReplyDelete
  15. thank you for posting such article here. BenefitsCal

    ReplyDelete
  16. Excellent tech post to read. Really worthy of reading technical blogs like this. You are too good to teach technical information. Keep updating us by sharing more technical blogs. Divorce Lawyers Loudoun VA

    ReplyDelete
  17. I want to thank to your amazing post. Keep up the great work. targetpayandbenefits

    ReplyDelete
  18. If you're looking for daily built binary packages of MapServer with OpenSSL support, you might want to check the official MapServer website or other reputable sources that provide software builds. TellPopeyes

    ReplyDelete
  19. I want to thank to your amazing post. Keep up the great work. Bell's Palsy Mississauga

    ReplyDelete
  20. Thanks for sharing beautiful content. I got information from your blog. keep sharing. calgary retirement planning

    ReplyDelete
  21. abogado de accidentes
    The daily built binary packages for MapServer with OpenSSL support are a significant convenience for developers and users, streamlining the installation process and ensuring the latest features and security enhancements. This commitment to maintaining a secure and efficient platform is appreciated. Access to these packages simplifies integration and keeps projects aligned with the latest developments. The provision of these binary packages is a testament to the dedication to user-friendly and secure solutions, benefiting the user base. The initiative enhances the accessibility and reliability of MapServer, ensuring a smooth experience for developers and users.

    ReplyDelete
  22. That's great. I was impressed by your writing. I am happy to see such a topic. Please come to my blog and read it. PaybyPlateMa Invoice

    ReplyDelete
  23. This blog post is simply fantastic! The content is both informative and engaging, making it a joy to read. I appreciate how well-researched and organized the information is, making it easy to follow along. divorce in new york state how long does it take

    ReplyDelete
  24. Real-time updates on daily binary packages for MapServer with OpenSSL support are unavailable. For accurate information, visit the official MapServer website or relevant forums.Divorcio de Corte Suprema de Nueva York

    ReplyDelete
  25. I appreciate how well-researched and organized the information is, making it easy to follow along. Reception hall Montreal

    ReplyDelete
  26. This blog post is simply fantastic! The content is both informative and engaging, making it a joy to read. urban logistics montreal

    ReplyDelete
  27. I want to thank to your amazing post. Keep up the great work. laser skin rejuvenation mississauga on

    ReplyDelete
  28. MapServer users can enjoy daily built binary packages with OpenSSL support, ensuring the platform is always updated and compatible with the latest security features. This continuous build process streamlines installation and updates, enhancing user experience. This robust solution is particularly beneficial for geospatial applications, providing access to the latest enhancements and security measures, simplifying maintenance and security for MapServer users. Abogado Conducir Sin Licencia de Condado Hudson

    ReplyDelete
  29. The service provides daily binary packages for MapServer with OpenSSL support, offering convenience and reliability. It offers advantages over manual compilation and alternative sources, including ease of installation and performance enhancements, making it valuable for developers and users.New York State Legal Separation Vs Divorce

    ReplyDelete
  30. We are committed to supporting students' assignment needs. Our primary area of expertise is creating original assignments for students that adhere to academic standards and help them succeed in their studies editing help best academic essay writing

    ReplyDelete
  31. You can obtain MapServer binary packages with OpenSSL support from various sources, including package repositories and third-party providers. Thanks for sharing the information also check abogado de divorcio de nueva jersey

    ReplyDelete
  32. The service provides daily binary packages for MapServer with OpenSSL support, offering convenience and reliability. electric bikes halifax

    ReplyDelete
  33. My router consistently displays the apache configuration error AH02572 whenever I try to configure the SSL on it. What exactly does it mean, and how can I permanently fix it?
    Dissertation Writing Services UK

    ReplyDelete
  34. The convenience of regularly generated binary packages with OpenSSL support is now available to MapServer fans, simplifying integration and guaranteeing current functionality for seamless map building and exploration.
    criminal attorneys in prince william county

    ReplyDelete
  35. This post is excellent — quite lucid and simple to comprehend. I'm also hoping for the sharks that made me chuckle.
    criminal attorneys in prince william county

    ReplyDelete
  36. El Abogado Tráfico Fairfax es excepcional. Su dedicación y conocimiento legal sobresalen. Me brindaron asesoramiento experto y resolvieron mi caso de tráfico de manera eficiente. ¡Altamente recomendado para quien busque resultados positivos y un equipo comprometido!

    ReplyDelete
  37. For anyone navigating the intricacies of a divorce in New York, your site has been an invaluable resource. The knowledge on quick and reasonably priced options is quite helpful. We appreciate you helping to make an arduous procedure a little easier!
    Rápido Barato Divorcio Nueva York

    ReplyDelete
  38. Nice blog, I'm always read your blog. It's informative and useful. Thanks for sharing. Federal Wire Fraud Defense Lawyer

    ReplyDelete
  39. Excellent explanation on New York State Divorce Laws! 👏 Brief and educational. For anyone navigating the intricacies of divorce in the state, your concise explanations and essential points offer a useful resource. Thank you for taking a direct approach to such a delicate subject. 👍💼 Keep up the great job of providing accessible legal knowledge! New York State Divorce Rules

    ReplyDelete
  40. MapServer Official Website:
    Start by checking the official MapServer website. They may provide binary packages or links to repositories that offer the latest builds. Look for a downloads or installation section on their website.

    Package Managers:
    Utilize package managers like apt, yum, or brew depending on your operating system. Some systems offer repositories that are regularly updated with the latest versions of software.

    GitHub Releases:
    Check MapServer's GitHub repository for releases. Sometimes, developers upload binary packages along with the source code. The releases page typically contains links to download pre-built binaries. truck accident attorney

    ReplyDelete
  41. That's fantastic news! Having daily built binary packages for MapServer with OpenSSL support is a game-changer for developers. It streamlines the process and ensures compatibility and security. Thank you for making our workflow smoother! IT solution services

    ReplyDelete
  42. Trust Astor Wealth Group to handle your securities financing needs with precision and expertise, ensuring seamless transactions and optimal outcomes.

    ReplyDelete
  43. Explore the latest enhancements and features of GB WhatsApp on MBWhatsKing. Stay updated with the newest versions and enjoy added functionalities to elevate your messaging experience effortlessly.

    ReplyDelete
  44. Embrace the laid-back luxury of coastal living with our chalets for sale in batroun , where every day feels like a vacation in your own private paradise.

    ReplyDelete