author | Robin Appelman <robin@icewind.nl> | 2022-06-21 16:50:06 +0200 |
---|---|---|
committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2022-07-18 07:54:54 +0000 |
commit | e640ee472077b47dacf975f38a745859440d72ca (patch) | |
tree | 58b6381c5acff85a8d6e3196145843422b2280b3 /lib/private | |
parent | 01dd022502bdfb3b04eaedaea58562819c0f62c4 (diff) | |
also use nextcloud certificate bundle when downloading from s3
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Files/ObjectStore/S3ConnectionTrait.php | 22 | ||||
-rw-r--r-- | lib/private/Files/ObjectStore/S3ObjectTrait.php | 5 |
2 files changed, 17 insertions, 10 deletions
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index d6f42c455b4..a58b1703596 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -121,15 +121,6 @@ trait S3ConnectionTrait {
 )
 );
 
- // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
- if (!isset($this->params['primary_storage'])) {
- /** @var ICertificateManager $certManager */
- $certManager = \OC::$server->get(ICertificateManager::class);
- $certPath = $certManager->getAbsoluteBundlePath();
- } else {
- $certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
- }
-
 $options = [
 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
 'credentials' => $provider,
@@ -139,7 +130,7 @@ trait S3ConnectionTrait {
 'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
 'csm' => false,
 'use_arn_region' => false,
- 'http' => ['verify' => $certPath],
+ 'http' => ['verify' => $this->getCertificateBundlePath()],
 ];
 if ($this->getProxy()) {
 $options['http']['proxy'] = $this->getProxy();
@@ -219,4 +210,15 @@ trait S3ConnectionTrait {
 return new RejectedPromise(new CredentialsException($msg));
 };
 }
+
+ protected function getCertificateBundlePath(): string {
+ // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
+ if (!isset($this->params['primary_storage'])) {
+ /** @var ICertificateManager $certManager */
+ $certManager = \OC::$server->get(ICertificateManager::class);
+ return $certManager->getAbsoluteBundlePath();
+ } else {
+ return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+ }
+ }
 }
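Review bot: getCertificateBundlePath(), added in the third hunk (@@ -219,4 +210,15 @@), has no docblock, and neither does its abstract declaration in S3ObjectTrait.php; the trust decision it encodes should be stated where callers will read it. I would add something like `/** Absolute path of the CA bundle used to verify the S3 endpoint's TLS certificate; primary storage always gets the bundle shipped in resources/config. */`, because that second branch presumably means CA certificates imported through the certificate manager are not trusted for a primary object store. Note also that `isset($this->params['primary_storage'])` is true for any non-null value, so a `false` there would still select the shipped bundle if configuration can supply one. The `else` after the first `return` can be dropped.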
diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php
index 4e54a26e98a..a4efc687236 100644
--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -43,6 +43,8 @@ trait S3ObjectTrait {
 */
 abstract protected function getConnection();
 
+ abstract protected function getCertificateBundlePath(): string;
+
 /**
 * @param string $urn the unified resource name used to identify the object
 * @return resource stream with the read data
@@ -68,6 +70,9 @@ trait S3ObjectTrait {
 'protocol_version' => $request->getProtocolVersion(),
 'header' => $headers,
 ],
+ 'ssl' => [
+ 'cafile' => $this->getCertificateBundlePath()
+ ]
 ];
 
 if ($this->getProxy()) {
|
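Review bot: The `ssl` context added in the second hunk (@@ -68,6 +70,9 @@) sets only `cafile`, so certificate and hostname verification on the download path depend on PHP's stream defaults rather than on anything visible here. Stating them next to the bundle, `'verify_peer' => true,` and `'verify_peer_name' => true,`, keeps the check auditable and makes it fail closed if these options are ever combined with a looser context. It is also worth confirming what the surrounding read method does when the bundle path is missing or unreadable, since the TLS handshake would then be expected to fail. The options array and the method both start and end outside the hunk.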