Matlab websave SSL certificates

Matlab websave allows specifying details options to control HTTP behavior via weboptions. Typical options that are modified include Timeout and SSL Certificate checking bypass. While SSL certificate checking adds security to web operations, some HPC systems have old or broken certificates. Other systems may simply need environment variable SSL_CERT_FILE set to tell Matlab’s vendored cURL where the cert file is. However, websave has some limitations such as no redirects that may lead the Matlab user to use curl with Matlab instead.

As a last resort, certificate checking can be turned off, but this opens up code / file integrity and concomitant security issues. A generally better solution than disabling certificate checking is to configuration your user profile to tell cURL and Git the location of the system certificates. For this example we assume the certificate file is at “/etc/ssl/certs/ca-bundle.crt”.

Set cURL SSL environment variable by editing ~/.bashrc. This can fix issues with Matlab websave() that uses Matlab’s vendored cURL.

export SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt

Tell Git where the SSL cert file is by:

git config --global http.sslCAInfo /etc/ssl/certs/ca-bundle.crt

This example sets reply timeout to 15 seconds and specifies custom SSL cert location when environment variable SSL_CERT_FILE is set.

if isfile(getenv("SSL_CERT_FILE"))
  web_opts = weboptions('CertificateFilename', getenv("SSL_CERT_FILE"), 'Timeout', 15);
else
  web_opts = weboptions('Timeout', 15);
end

websave(saved_file, url, opts);