use the nextcloud certificate bundle for s3

Signed-off-by: Robin Appelman <robin@icewind.nl>

1 files changed, 6 insertions, 1 deletions

diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index b72b0ebee53..e4085676c18 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -38,6 +38,7 @@ use Aws\S3\Exception\S3Exception;
 use Aws\S3\S3Client;
 use GuzzleHttp\Promise;
 use GuzzleHttp\Promise\RejectedPromise;
+use OCP\ICertificateManager;
 use OCP\ILogger;
 
 trait S3ConnectionTrait {
@@ -120,6 +121,9 @@ trait S3ConnectionTrait {
 			)
 		);
 
+		/** @var ICertificateManager $certManager */
+		$certManager = \OC::$server->get(ICertificateManager::class);
+
 		$options = [
 			'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
 			'credentials' => $provider,
@@ -129,9 +133,10 @@ trait S3ConnectionTrait {
 			'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
 			'csm' => false,
 			'use_arn_region' => false,
+			'http' => ['verify' => $certManager->getAbsoluteBundlePath()],
 		];
 		if ($this->getProxy()) {
-			$options['http'] = [ 'proxy' => $this->getProxy() ];
+			$options['http']['proxy'] = $this->getProxy();
 		}
 		if (isset($this->params['legacy_auth']) && $this->params['legacy_auth']) {
 			$options['signature_version'] = 'v2';