From 375ef4c06235c1675fe37c94c4df568071a26b3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Wed, 14 Aug 2024 15:13:05 +0200 Subject: [PATCH] fix: Allow to disable ssl verification for object storage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- lib/private/Files/ObjectStore/S3ConnectionTrait.php | 3 ++- lib/private/Files/ObjectStore/S3ObjectTrait.php | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php index 9de85f00620..8be8ccf21af 100644 --- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php +++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php @@ -51,6 +51,7 @@ trait S3ConnectionTrait { $params['port'] = (isset($params['use_ssl']) && $params['use_ssl'] === false) ? 80 : 443; } $params['verify_bucket_exists'] = $params['verify_bucket_exists'] ?? true; + $params['ssl_verify'] = $params['ssl_verify'] ?? true; if ($params['s3-accelerate']) { $params['verify_bucket_exists'] = false; @@ -100,7 +101,7 @@ trait S3ConnectionTrait { 'csm' => false, 'use_arn_region' => false, 'http' => [ - 'verify' => $this->getCertificateBundlePath(), + 'verify' => $this->params['ssl_verify'] ? $this->getCertificateBundlePath() : false, // Timeout for the connection to S3 server, not for the request. 'connect_timeout' => 5 ], diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php index 2e625033751..25482477695 100644 --- a/lib/private/Files/ObjectStore/S3ObjectTrait.php +++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php @@ -54,7 +54,8 @@ trait S3ObjectTrait { 'http' => [ 'protocol_version' => $request->getProtocolVersion(), 'header' => $headers, - ] + ], + 'ssl' => [], ]; $bundle = $this->getCertificateBundlePath(); if ($bundle) { @@ -63,6 +64,10 @@ trait S3ObjectTrait { ]; } + if ($this->params['ssl_verify'] === false) { + $opts['ssl']['verify_peer'] = false; + } + if ($this->getProxy()) { $opts['http']['proxy'] = $this->getProxy(); $opts['http']['request_fulluri'] = true;