
Commit 99f62e0

committed
also use nextcloud certificate bundle when downloading from s3
Signed-off-by: Robin Appelman <robin@icewind.nl>
1 parent 9a1a3b4 commit 99f62e0

2 files changed

Lines changed: 17 additions & 10 deletions


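--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -121,15 +121,6 @@ public function getConnection() {
 )
 );
 
-// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
-if (!isset($this->params['primary_storage'])) {
-/** @var ICertificateManager $certManager */
-$certManager = \OC::$server->get(ICertificateManager::class);
-$certPath = $certManager->getAbsoluteBundlePath();
-} else {
-$certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
-}
-
 $options = [
 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
 'credentials' => $provider,
@@ -139,7 +130,7 @@ public function getConnection() {
 'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
 'csm' => false,
 'use_arn_region' => false,
-'http' => ['verify' => $certPath],
+'http' => ['verify' => $this->getCertificateBundlePath()],
 ];
 if ($this->getProxy()) {
 $options['http']['proxy'] = $this->getProxy();
@@ -218,4 +209,15 @@ protected function paramCredentialProvider() : callable {
 return new RejectedPromise(new CredentialsException($msg));
 };
 }
+
+protected function getCertificateBundlePath(): string {
+// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
+if (!isset($this->params['primary_storage'])) {
+/** @var ICertificateManager $certManager */
+$certManager = \OC::$server->get(ICertificateManager::class);
+return $certManager->getAbsoluteBundlePath();
+} else {
+return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+}
+}
 }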
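Review bot: The new `getCertificateBundlePath()` has no docblock, yet it now feeds two trust decisions: the SDK's `http.verify` in `getConnection()` and, through the abstract declaration in S3ObjectTrait, the stream `ssl.cafile`. I would add a docblock saying it returns the absolute path of the CA bundle used to verify the S3 endpoint, and that when `primary_storage` is set it falls back to the shipped `resources/config/ca-bundle.crt`. If the certificate manager's bundle is where administrator-imported CAs live (not visible in this diff), that fallback means a primary-storage endpoint signed by a private CA will fail verification. Recording that keeps anyone from working around the failure by switching verification off. As a style point, the `else` after `return` can be dropped.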

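--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -43,6 +43,8 @@ trait S3ObjectTrait {
 */
 abstract protected function getConnection();
 
+abstract protected function getCertificateBundlePath(): string;
+
 /**
 * @param string $urn the unified resource name used to identify the object
 * @return resource stream with the read data
@@ -68,6 +70,9 @@ public function readObject($urn) {
 'protocol_version' => $request->getProtocolVersion(),
 'header' => $headers,
 ],
+'ssl' => [
+'cafile' => $this->getCertificateBundlePath()
+]
 ];
 
 if ($this->getProxy()) {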
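Review bot: The added `ssl` block in `readObject()` sets only `cafile`, so whether the peer certificate and host name are actually checked for this download is left to PHP's stream defaults rather than stated here. Spelling it out in the same array makes the intent explicit and keeps the read path as strict as the SDK client: add `'verify_peer' => true,` and `'verify_peer_name' => true,` next to `'cafile'`. The two new array entries are also missing trailing commas. The rest of `readObject()`, including where the context is used and how a failed open is handled, lies outside the hunk.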
