I have noticed that on the Beaglbone Black that I am constantly having problems with git and curl when it comes to https sites. This post addresses the configuration problems and shows you different ways to solve the problem that may suit your particular needs.

Fixing the SSL problems with Git

Out of the box, if you try to commit to a github repository using https (a requirement of github) then you will have difficulties with certificates. The error you will get looks like this (I’m using -v for verbose mode):

Under older versions of git, the problem may also appear as:

You could of course fix this by using git://github.com/derekmolloy/boneCV.git as the repository address; however, this does not fix the problem when you try to commit to the repository. In fact, the same error will arise.

Solution 1 – The super-easy but bad solution!

Simply use the git global preferences to turn off SSL  verification:

A git push will work with this solution:

The downside? Well what is the point in using https if you have turned off SSL verification… This solution is not recommended as it leaves you vulnerable to man-in-the-middle attacks.

Solution 2 – The definitely-better Solution!

For the test below, I reset SSL verification to be on, so:

Make sure that your ca-certificates (certification authority certificates! wow!) package is up to date:

Now edit your .gitcofig, which is a hidden file in your home directory (works for all user accounts including root) – If it doesn’t exist on your account, create it:

Change your .gitconfig settings for [http] to be like mine:

Where sslCAinfo is the important field to set. Replace the [user] details with your own details.

Now, cloning a repository…

And pushing to the repository is working fine too.

Everything is working.

Fixing SSL Problems with Curl

Similar problems arise with curl – For example:

Again there are multiple solutions:

Solution 1 – Turn off certificates

The first is to simply turn off certificates using the curl -k option, so:

Again, this is not a good solution as it leaves you vulnerable to man-in-the-middle attacks.

 Solution 2 – Better – Fix the certificates problem at the Command Line

Again (in case you didn’t address git above), check that your ca-certificates package is up to date. You can then specify at the command line the cacert file using “–cacert /etc/ssl/certs/ca-certificates.crt“. It’s a bit verbose to do every time.

 Solution 3 – Best – Fix it using an environment variable

Effectively we can set the certs bundle in Solution 2 using an environment variable, which allows us to set this value on boot. So,

Once you have set this environment variable, you can just use curl with no flags:

All is in order now for both git and curl.

Finally we want to set this so that the environment variable is set on boot for the current user (root) – First we need to determine which shell we are currently using. For this we can do two things:

So, clearly we are using sh, which means that we use a .profile file in our home directory; so, we could do a vi .profile and add the following text (to anything that is already there):

Then, just to check on reboot:

Finally, if you wish to generate new CA-certificates then you should have a look at the guides at: http://curl.haxx.se/docs/sslcerts.html