diff options
| author | Julius Härtl <jus@bitgrid.net> | 2024-08-14 15:13:05 +0200 |
|---|---|---|
| committer | Julius Knorr <jus@bitgrid.net> | 2024-11-04 13:53:43 +0100 |
| commit | 375ef4c06235c1675fe37c94c4df568071a26b3e (patch) | |
| tree | b6d3ee1e5263e8394e82f952fecc78a714022067 | |
| parent | bd8348f5c1ab1732de02ccff8fefd8919ba2a8fd (diff) | |
| download | nextcloud-server-fix/s3-verify-peer-setting.tar.gz nextcloud-server-fix/s3-verify-peer-setting.zip | |
fix: Allow to disable ssl verification for object storagefix/s3-verify-peer-setting
Signed-off-by: Julius Härtl <jus@bitgrid.net>
| -rw-r--r-- | lib/private/Files/ObjectStore/S3ConnectionTrait.php | 3 | ||||
| -rw-r--r-- | lib/private/Files/ObjectStore/S3ObjectTrait.php | 7 |
2 files changed, 8 insertions, 2 deletions
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php index 9de85f00620..8be8ccf21af 100644 --- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php +++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php @@ -51,6 +51,7 @@ trait S3ConnectionTrait { $params['port'] = (isset($params['use_ssl']) && $params['use_ssl'] === false) ? 80 : 443; } $params['verify_bucket_exists'] = $params['verify_bucket_exists'] ?? true; + $params['ssl_verify'] = $params['ssl_verify'] ?? true; if ($params['s3-accelerate']) { $params['verify_bucket_exists'] = false; @@ -100,7 +101,7 @@ trait S3ConnectionTrait { 'csm' => false, 'use_arn_region' => false, 'http' => [ - 'verify' => $this->getCertificateBundlePath(), + 'verify' => $this->params['ssl_verify'] ? $this->getCertificateBundlePath() : false, // Timeout for the connection to S3 server, not for the request. 'connect_timeout' => 5 ], diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php index 2e625033751..25482477695 100644 --- a/lib/private/Files/ObjectStore/S3ObjectTrait.php +++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php @@ -54,7 +54,8 @@ trait S3ObjectTrait { 'http' => [ 'protocol_version' => $request->getProtocolVersion(), 'header' => $headers, - ] + ], + 'ssl' => [], ]; $bundle = $this->getCertificateBundlePath(); if ($bundle) { @@ -63,6 +64,10 @@ trait S3ObjectTrait { ]; } + if ($this->params['ssl_verify'] === false) { + $opts['ssl']['verify_peer'] = false; + } + if ($this->getProxy()) { $opts['http']['proxy'] = $this->getProxy(); $opts['http']['request_fulluri'] = true; |