Matlab websave SSL certificates

Matlab websave allows specifying details options to control HTTP behavior via weboptions. Typical options that are modified include Timeout and SSL Certificate checking bypass. While SSL certificate checking adds security to web operations, some HPC systems have old or broken certificates. Other systems may simply need environment variable SSL_CERT_FILE set to tell Matlab’s vendored cURL where the cert file is.

As a last resort, certificate checking can be turned off, but this opens up code / file integrity and concomitant security issues.

Configuration

A generally better solution than disabling certificate checking is to configuration your user profile to tell cURL and Git the location of the system certificates. For this example we assume the certificate file is at “/etc/ssl/certs/ca-bundle.crt”.

cURL SSL config

set environment variable by editing ~/.bashrc

export SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt

This for example can fix issues with Matlab websave() that uses Matlab’s vendored cURL.

Git SSL config

Tell Git where the cert file is by:

git config --global http.sslCAInfo /etc/ssl/certs/ca-bundle.crt

Example

This example sets timeout to 15 seconds and specifies custom SSL cert location when environment variable SSL_CERT_FILE is set.

if isfile(getenv("SSL_CERT_FILE"))
  web_opts = weboptions('CertificateFilename', getenv("SSL_CERT_FILE"), 'Timeout', 15);
else
  web_opts = weboptions('Timeout', 15);
end

websave(saved_file, url, opts);