aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorRichard Steinmetz <richard@steinmetz.cloud>2024-09-24 10:33:07 +0200
committerRichard Steinmetz <richard@steinmetz.cloud>2024-09-30 09:11:42 +0200
commitc4ffd8443949db03cda56deb76b474dc583189f7 (patch)
tree6d9c53525cedc5330e2701267c52a130a3d38aa5 /lib
parent79dd81995f70f71a5ba2e19957d9261e3a6030b3 (diff)
downloadnextcloud-server-c4ffd8443949db03cda56deb76b474dc583189f7.tar.gz
nextcloud-server-c4ffd8443949db03cda56deb76b474dc583189f7.zip
fix: gracefully parse non-standard trusted certificatesbackport/48307/stable30
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Security/Certificate.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/private/Security/Certificate.php b/lib/private/Security/Certificate.php
index b9d84caeca3..1551694c21f 100644
--- a/lib/private/Security/Certificate.php
+++ b/lib/private/Security/Certificate.php
@@ -42,6 +42,16 @@ class Certificate implements ICertificate {
$info = openssl_x509_parse($data);
if (!is_array($info)) {
+ // There is a non-standardized certificate format only used by OpenSSL. Replace all
+ // separators and try again.
+ $data = str_replace(
+ ['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'],
+ ['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'],
+ $data,
+ );
+ $info = openssl_x509_parse($data);
+ }
+ if (!is_array($info)) {
throw new \Exception('Certificate could not get parsed.');
}