Klaus Zimmermann's Corner

Fixing the SSL Certificate issues in Raspup (Puppy Linux for the Raspberry Pi)

In my quest to find the perfect desktop-like distro for my Raspberry Pi, I've been back in black with good ol' Puppy Linux, the original live medium, old computer-oriented, loads-to-RAM and flies distribution that probably pretty much everyone who distrohopped for a while must have tried at least once. Puppies (yes, now a family of like-thinking distributions rather than a single one) have been built for a myriad of platforms and flavors, and nowadays also feature a custom-build one for the Pi, under the name of Raspup.

It works great, detects all the hardware, but there is one bone to pick with it: HTTPS support is sort of broken. In some applications like Browsers, which seem to do use their own SSL stack, this passes unnoticeable, but others that use the OS's stack keep failing, proven by a simple curl request to an HTTPS website. After banging my head quite a while with it, I finally was able to narrow it down: there are no SSL certificates anywhere to be found in the system. This is actually not that obvious upon inspection because what you do have in /etc/ssl/certs/ are symlinks pointing to other (nonexistent) locations where the actual certificates were supposed to be. Touché.

Bug? Filesystem mismatch from when booting on the Pi? Who knows. The important part is that I found a way to fix it. Basically:

  1. Download this consolidated, up-to-date CA Certificate from the cURL project (either use wget or pass -k to curl to force insecure connections) and save it to /etc/ssl/certs/.
  2. Then, in some startup file (.bashrc, .profile, etc) add this line:

    export SSLCERTFILE="/etc/ssl/certs/cacert.pem"

Restart the shell and session, and everything now is working. You can join IRC and download everything again. Raspup has got a whole lot nicer now. Let's see how it turns out in the next days.