How to bypass SSL for PROJ reprojection
A friend was using GDAL’s ogr2ogr command to import some data to PostGIS recently, and as part of the import they were doing a reprojection of the data.
They got the following error:
PROJ: Cannot open https://cdn.proj.org/uk_os_OSTN15_NTv2_OSGBtoETRS.tif: schannel: the certificate or certificate
chain is based on an untrusted rootThey’ve had various SSL errors on their computer due to their company’s IT provider providing self-signed root certificates, or screwing up SSL settings in some other way.
She’s waiting for the IT provider to try and sort things out, but as a temporary measure, we managed to find a way to disable SSL verification for PROJ. This obviously reduces security, but I don’t think it’s a major issue as PROJ is just downloading publicly available conversion data to do accurate conversions between different co-ordinate systems. It’s also temporary, until the IT provider sort things out.
Anyway, to bypass SSL verification for PROJ, set the PROJ_UNSAFE_SSL environment variable to 1. For example, with:
export PROJ_UNSAFE_SSL=1on Linux, or:
set PROJ_UNSAFE_SSL=1Anyway, there doesn’t seem to be much documentation on this online – I eventually found this Github issue discussion and once I knew the environment variable name, I found it in the PROJ source code. I thought documenting it here may help other people find it.
If you found this post useful, please consider buying me a coffee.
This post originally appeared on Robin's Blog.
Categorised as: Academic, Computing, GIS, How To, Linux, OSX, Remote Sensing, Windows
Leave a Reply