also use nextcloud certificate bundle when downloading from s3

Signed-off-by: Robin Appelman <robin@icewind.nl>
Robin Appelman 2022-06-21 16:50:06 +02:00
parent de3504150c
commit bffa67c48b
No known key found for this signature in database
GPG key ID: 42B69D8A64526EFB
2 changed files with 17 additions and 10 deletions


@ -121,15 +121,6 @@ trait S3ConnectionTrait {
)
);
// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
if (!isset($this->params['primary_storage'])) {
/** @var ICertificateManager $certManager */
$certManager = \OC::$server->get(ICertificateManager::class);
$certPath = $certManager->getAbsoluteBundlePath();
} else {
$certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
$options = [
'version' => isset($this->params['version']) ? $this->params['version'] : 'latest',
'credentials' => $provider,
@ -139,7 +130,7 @@ trait S3ConnectionTrait {
'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()),
'csm' => false,
'use_arn_region' => false,
'http' => ['verify' => $certPath],
'http' => ['verify' => $this->getCertificateBundlePath()],
];
if ($this->getProxy()) {
$options['http']['proxy'] = $this->getProxy();
@ -218,4 +209,15 @@ trait S3ConnectionTrait {
return new RejectedPromise(new CredentialsException($msg));
};
}
protected function getCertificateBundlePath(): string {
// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
if (!isset($this->params['primary_storage'])) {
/** @var ICertificateManager $certManager */
$certManager = \OC::$server->get(ICertificateManager::class);
return $certManager->getAbsoluteBundlePath();
} else {
return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
}
}
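Review bot: The new `getCertificateBundlePath()` at the end of S3ConnectionTrait has no docblock, and its two branches return different trust stores, which should be stated where the method is defined. When `primary_storage` is set it returns the bundle shipped at `resources/config/ca-bundle.crt`, so CA certificates imported through ICertificateManager are presumably not trusted for a primary object store behind a private CA. I would add a docblock such as `Path of the CA bundle used to verify the S3 endpoint; primary storage falls back to the shipped bundle because the managed bundle is stored on that storage`. The return value now feeds both the SDK `http.verify` option and the `ssl.cafile` stream context in S3ObjectTrait, and neither call site checks that the file is readable. A missing bundle would therefore presumably show up only as a TLS failure at request time, which is the safe direction but worth a log hint.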


@ -43,6 +43,8 @@ trait S3ObjectTrait {
*/
abstract protected function getConnection();
abstract protected function getCertificateBundlePath(): string;
/**
* @param string $urn the unified resource name used to identify the object
* @return resource stream with the read data
@ -68,6 +70,9 @@ trait S3ObjectTrait {
'protocol_version' => $request->getProtocolVersion(),
'header' => $headers,
],
'ssl' => [
'cafile' => $this->getCertificateBundlePath()
]
];
if ($this->getProxy()) {