authorRobin Appelman <robin@icewind.nl>2022-06-21 16:50:06 +0200
committerRobin Appelman <robin@icewind.nl>2022-07-05 15:57:54 +0200
commitbffa67c48beced2147af196a5b63414c113aaad4 (patch)
treee67f9e23b3a34e4b5b89e31d66a267fda3cdd44a /lib
parentde3504150c44af8b20bc7fad9810abc3be0b9839 (diff)
downloadnextcloud-server-bffa67c48beced2147af196a5b63414c113aaad4.tar.gz
nextcloud-server-bffa67c48beced2147af196a5b63414c113aaad4.zip
also use nextcloud certificate bundle when downloading from s3
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Files/ObjectStore/S3ConnectionTrait.php22
-rw-r--r--lib/private/Files/ObjectStore/S3ObjectTrait.php5
2 files changed, 17 insertions, 10 deletions
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
index c3836749c6d..a1dd8ba3909 100644
--- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php
+++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -121,15 +121,6 @@ trait S3ConnectionTrait {
)
);
- // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
- if (!isset($this->params['primary_storage'])) {
- /** @var ICertificateManager $certManager */
- $certManager = \OC::$server->get(ICertificateManager::class);
- $certPath = $certManager->getAbsoluteBundlePath();
- } else {
- $certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
- }
-
$options = [
'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
'credentials' => $provider,
@@ -139,7 +130,7 @@ trait S3ConnectionTrait {
'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
'csm' => false,
'use_arn_region' => false,
- 'http' => ['verify' => $certPath],
+ 'http' => ['verify' => $this->getCertificateBundlePath()],
];
if ($this->getProxy()) {
$options['http']['proxy'] = $this->getProxy();
@@ -218,4 +209,15 @@ trait S3ConnectionTrait {
return new RejectedPromise(new CredentialsException($msg));
};
}
+
+ protected function getCertificateBundlePath(): string {
+ // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
+ if (!isset($this->params['primary_storage'])) {
+ /** @var ICertificateManager $certManager */
+ $certManager = \OC::$server->get(ICertificateManager::class);
+ return $certManager->getAbsoluteBundlePath();
+ } else {
+ return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+ }
+ }
}
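Review bot: `getCertificateBundlePath()` is added without a docblock, although after this commit it is the single source of the CA bundle for both the client's `'http' => ['verify' => …]` option and the `ssl.cafile` stream option in S3ObjectTrait. A one-line docblock such as `/** Absolute path of the CA bundle used to verify the S3 endpoint's TLS certificate. */` would make that contract visible to anyone implementing the abstract declaration elsewhere. The `else` can also be dropped, since the first branch already returns. The path from `getAbsoluteBundlePath()` is returned unchecked; whether it can ever name a missing or unreadable file is not visible in this hunk, so the docblock should say what callers can expect in that case.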
diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php
index 4e54a26e98a..a4efc687236 100644
--- a/lib/private/Files/ObjectStore/S3ObjectTrait.php
+++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -43,6 +43,8 @@ trait S3ObjectTrait {
*/
abstract protected function getConnection();
+ abstract protected function getCertificateBundlePath(): string;
+
/**
* @param string $urn the unified resource name used to identify the object
* @return resource stream with the read data
@@ -68,6 +70,9 @@ trait S3ObjectTrait {
'protocol_version' => $request->getProtocolVersion(),
'header' => $headers,
],
+ 'ssl' => [
+ 'cafile' => $this->getCertificateBundlePath()
+ ]
];
if ($this->getProxy()) {
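Review bot: The added `ssl` block sets only `cafile`, so peer and host-name verification on this download path rest on PHP's stream-context defaults rather than on anything stated in the code. Spelling them out next to the bundle, `'verify_peer' => true,` and `'verify_peer_name' => true,`, keeps the check explicit if this array is later edited or merged with other options. A short comment above `'ssl'` would also help, e.g. `// this read does not go through the SDK client's 'verify' option, so the CA bundle is passed to the stream context as well`; that is presumably the reason for the change, but the call that consumes `$opts` is outside the hunk. The enclosing function starts and ends outside the hunk.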