diff options
author | Richard Steinmetz <richard@steinmetz.cloud> | 2024-09-24 10:33:07 +0200 |
---|---|---|
committer | Richard Steinmetz <richard@steinmetz.cloud> | 2024-09-30 09:11:42 +0200 |
commit | c4ffd8443949db03cda56deb76b474dc583189f7 (patch) | |
tree | 6d9c53525cedc5330e2701267c52a130a3d38aa5 /lib | |
parent | 79dd81995f70f71a5ba2e19957d9261e3a6030b3 (diff) | |
download | nextcloud-server-c4ffd8443949db03cda56deb76b474dc583189f7.tar.gz nextcloud-server-c4ffd8443949db03cda56deb76b474dc583189f7.zip |
fix: gracefully parse non-standard trusted certificatesbackport/48307/stable30
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Security/Certificate.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/private/Security/Certificate.php b/lib/private/Security/Certificate.php index b9d84caeca3..1551694c21f 100644 --- a/lib/private/Security/Certificate.php +++ b/lib/private/Security/Certificate.php @@ -42,6 +42,16 @@ class Certificate implements ICertificate { $info = openssl_x509_parse($data); if (!is_array($info)) { + // There is a non-standardized certificate format only used by OpenSSL. Replace all + // separators and try again. + $data = str_replace( + ['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'], + ['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'], + $data, + ); + $info = openssl_x509_parse($data); + } + if (!is_array($info)) { throw new \Exception('Certificate could not get parsed.'); } |