GDAL GML driver Error setting certificate file

[StephanGeorg]

When loading GML files with st_read GDAL tries to download the schema:

DOWNLOAD_SCHEMA=[YES​/​NO]: Defaults to YES. Whether to download the remote application schema if needed (only if the document looks like a WFS response currently).

https://gdal.org/en/stable/drivers/vector/gml.html#open-options

and throws

IO Error:
GDAL Error (1): error setting certificate file: /etc/pki/tls/certs/ca-bundle.crt

ℹ️ Info: I tested it on MacOS (cli and python) and it works but fails on Linux (cli and python).

To Reproduce

wget https://www.geodaten-mv.de/dienste/inspire_ad_alkis_download\?REQUEST\=GetFeature\&SERVICE\=WFS\&VERSION\=2.0.0\&TYPENAMES\=ad%3AAddress\&count\=1 -O test.gml

FROM st_read('test.gml');

OS: Linux Version: 1.2.0, 1.2.1, 1.2.2 Environment: CLI, python

[StephanGeorg]

Setting export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt does the job, but I'm not sure if there isn't a more elegant solution.

[Maxxen]

Hello!

This is going to be difficult to resolve. I wasnt aware that GDAL used curl for more than reading files, and unfortunately i dont think there is a way for us to "hook into" gdal (like we do with our filesystem) and replace it with our own http client where we have better control over certificate handling.