aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorRichard Steinmetz <richard@steinmetz.cloud>2024-09-24 10:33:07 +0200
committerRichard Steinmetz <richard@steinmetz.cloud>2024-09-30 09:21:59 +0200
commite2373b56fe9441a1f5a6b5b802410ff4164579da (patch)
tree83ff4cf7caf933aab67cec0a525e29fb5bfa7881 /lib
parentaec1ac1da4504f2c0c4ee2d5dd5b85eab19a4579 (diff)
downloadnextcloud-server-e2373b56fe9441a1f5a6b5b802410ff4164579da.tar.gz
nextcloud-server-e2373b56fe9441a1f5a6b5b802410ff4164579da.zip
fix: gracefully parse non-standard trusted certificatesbackport/48307/stable29
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Security/Certificate.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/private/Security/Certificate.php b/lib/private/Security/Certificate.php
index 759c71b2eec..a198bdd886e 100644
--- a/lib/private/Security/Certificate.php
+++ b/lib/private/Security/Certificate.php
@@ -61,6 +61,16 @@ class Certificate implements ICertificate {
$info = openssl_x509_parse($data);
if (!is_array($info)) {
+ // There is a non-standardized certificate format only used by OpenSSL. Replace all
+ // separators and try again.
+ $data = str_replace(
+ ['-----BEGIN TRUSTED CERTIFICATE-----', '-----END TRUSTED CERTIFICATE-----'],
+ ['-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----'],
+ $data,
+ );
+ $info = openssl_x509_parse($data);
+ }
+ if (!is_array($info)) {
throw new \Exception('Certificate could not get parsed.');
}