summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2017-05-09 13:00:07 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2017-05-09 13:00:07 +0200
commit5a61a794d4aefaab05a273a12b509a1585a679d0 (patch)
treef1f5ff484beaeefba4d05eef651c876ba5c25422
parent46f7e8202fa5f5c2af6ac6e5dcb82be8a5db8f22 (diff)
downloadnextcloud-server-5a61a794d4aefaab05a273a12b509a1585a679d0.tar.gz
nextcloud-server-5a61a794d4aefaab05a273a12b509a1585a679d0.zip
Do not write and read rootcerts.crt at the same time
(Possibly) fixes #3470 When updating the main file /files_external/rootcerts.crt we should not read from /files_external/rootcerts.crt at the same time. For 2 reasons: writing to a file and reading from it at the same time can have non deterministic results And we don't want all the certificates to appear 2 times in there. This isn't caught by our standard file locking (that does not allow this actually) because it is in a non locked path.... Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r--lib/private/Security/CertificateManager.php5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index 461ef9457a7..4419b56012f 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -119,7 +119,8 @@ class CertificateManager implements ICertificateManager {
return;
}
- $fhCerts = $this->view->fopen($path . '/rootcerts.crt', 'w');
+ $certPath = $path . 'rootcerts.crt';
+ $fhCerts = $this->view->fopen($certPath, 'w');
// Write user certificates
foreach ($certs as $cert) {
@@ -136,7 +137,7 @@ class CertificateManager implements ICertificateManager {
// Append the system certificate bundle
$systemBundle = $this->getCertificateBundle(null);
- if ($this->view->file_exists($systemBundle)) {
+ if ($systemBundle !== $certPath && $this->view->file_exists($systemBundle)) {
$systemCertificates = $this->view->file_get_contents($systemBundle);
fwrite($fhCerts, $systemCertificates);
}