From 6c90e3f78067c718b2eadb01c190175c0ddd1f8c Mon Sep 17 00:00:00 2001
From: Jan Messer
Date: Fri, 11 Nov 2022 02:52:32 +0100
Subject: [PATCH 1/3] [BUGFIX] check return value and improve error handling
With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the CertificateManager was throwing an Error. This commit improves the handling in CertificateManager and log unexpected behaviors.
Signed-off-by: Jan Messer
---
 lib/private/Security/CertificateManager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index fa26c19ceae..f1107130887 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -238,7 +238,7 @@ class CertificateManager implements ICertificateManager {
 */
 public function getAbsoluteBundlePath(): string {
 try {
- if (!$this->bundlePath) {
+ if ($this->bundlePath === null) {
 if (!$this->hasCertificates()) {
 $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
 }
@@ -251,6 +251,7 @@ class CertificateManager implements ICertificateManager {
 }
 return $this->bundlePath;
 } catch (\Exception $e) {
+ $this->logger->error('Failed to get absolute bundle path. Fallback to default ca-bundle.crt', ['exception' => $e]);
 return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
 }
 }
From 364f3f5f26056fac82fb7f249852341fa69d2630 Mon Sep 17 00:00:00 2001
From: Jan Messer
Date: Tue, 4 Apr 2023 22:01:35 +0200
Subject: [PATCH 2/3] [BUGFIX] throw exception instead of error if unable to create file handler (only exceptions are catch)
Signed-off-by: Jan Messer
---
 lib/private/Security/CertificateManager.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index f1107130887..f22a06641de 100644
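Review bot: The `catch (\Exception $e)` that now carries the log call in `getAbsoluteBundlePath()` still lets every `\Error` through, so a `\TypeError` raised inside the `try` skips both the new log entry and the fallback to the shipped `ca-bundle.crt`. The commit message names a thrown Error as the original symptom, so that case is not covered by this hunk on its own. If the fallback is meant to cover it, `} catch (\Throwable $e) {` would do so; otherwise a comment such as `// \Error is deliberately not caught; failure paths in the try block must throw \Exception` would record the decision for the next maintainer. Because this path decides which CA bundle outgoing TLS verification uses, the error-level entry is worth keeping either way.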
--- a/lib/private/Security/CertificateManager.php +++ b/lib/private/Security/CertificateManager.php @@ -147,6 +147,10 @@ class CertificateManager implements ICertificateManager { $tmpPath = $certPath . '.tmp' . $this->random->generate(10, ISecureRandom::CHAR_DIGITS); $fhCerts = $this->view->fopen($tmpPath, 'w'); + if (!is_resource($fhCerts)) { + throw new \RuntimeException('Unable to open file handler to create certificate bundle "' . $tmpPath . '".'); + } + // Write user certificates foreach ($certs as $cert) { $file = $path . '/uploads/' . $cert->getName(); From 22f02a46d1b16793b9f7498d939221284afa83df Mon Sep 17 00:00:00 2001 From: Git'Fellow <12234510+solracsf@users.noreply.github.com> Date: Thu, 4 May 2023 22:35:31 +0200 Subject: [PATCH 3/3] Fix conflicts Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> --- lib/private/Security/CertificateManager.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php index f22a06641de..6231534205a 100644 --- a/lib/private/Security/CertificateManager.php +++ b/lib/private/Security/CertificateManager.php @@ -251,7 +251,12 @@ class CertificateManager implements ICertificateManager { $this->createCertificateBundle(); } - $this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle()); + $certificateBundle = $this->getCertificateBundle(); + $this->bundlePath = $this->view->getLocalFile($certificateBundle) ?: null; + + if ($this->bundlePath === null) { + throw new \RuntimeException('Unable to get certificate bundle "' . $certificateBundle . '".'); + } } return $this->bundlePath; } catch (\Exception $e) {
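Review bot: The `\RuntimeException` thrown after the failed `fopen()` changes what this method can raise, and nothing in the hunk documents it. The method starts and ends outside the hunk, so its docblock and its callers are not visible here. Add `@throws \RuntimeException if the temporary bundle file cannot be opened` to the docblock, and confirm that any caller other than `getAbsoluteBundlePath()` handles the exception, since that method's `catch (\Exception $e)` is the only handler shown in this series.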
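Review bot: When `getLocalFile()` fails, `$this->bundlePath` is left at `null`, so every later call on the same instance repeats the bundle lookup against storage and, through the `catch` at the end of the hunk, writes another error-level log entry carrying the full exception. During the storage outage described in the first patch this can bury other log entries under identical ones. Consider remembering the failure for the lifetime of the object, for example by assigning the fallback in the `catch` block (`$this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';`), or state in a comment that a retry on every call is intended. Also, `?: null` treats any falsy return as failure; the return type of `getLocalFile()` is not visible here, so confirm that matches its contract. The method body continues past the end of the hunk.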