diff --git a/sysutils/nextcloud-backup/Makefile b/sysutils/nextcloud-backup/Makefile index 6ac87d90b..8a089b7b5 100644 --- a/sysutils/nextcloud-backup/Makefile +++ b/sysutils/nextcloud-backup/Makefile @@ -1,5 +1,5 @@ PLUGIN_NAME= nextcloud-backup -PLUGIN_VERSION= 1.2 +PLUGIN_VERSION= 1.3 PLUGIN_COMMENT= Track config changes using NextCloud .include "../../Mk/plugins.mk" diff --git a/sysutils/nextcloud-backup/pkg-descr b/sysutils/nextcloud-backup/pkg-descr index 42db2aed4..7cc2f01a3 100644 --- a/sysutils/nextcloud-backup/pkg-descr +++ b/sysutils/nextcloud-backup/pkg-descr @@ -6,6 +6,10 @@ strongly advise to not use a public service to send backups to. Plugin Changelog ================ +1.3 + +* Add option to disable SSL certificate verification + 1.2 * Add option to upload to one file each day instead of syncing the contents of /conf/backup diff --git a/sysutils/nextcloud-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php b/sysutils/nextcloud-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php index 340fb3048..9608dca22 100644 --- a/sysutils/nextcloud-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php +++ b/sysutils/nextcloud-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php @@ -79,6 +79,14 @@ class Nextcloud extends Base implements IBackupProvider "help" => gettext("A password to encrypt your configuration"), "value" => null ), + array( + "name" => "verify_ssl", + "type" => "checkbox", + "label" => gettext("Verify SSL certificate"), + "help" => gettext("Uncheck to allow self-signed or otherwise untrusted certificates. " . + "Only disable this if you trust the network path to the Nextcloud server."), + "value" => null + ), array( "name" => "backupdir", "type" => "text", @@ -691,6 +699,9 @@ class Nextcloud extends Base implements IBackupProvider $postdata = null, $headers = array("User-Agent: OPNsense Firewall") ) { + // verify_ssl defaults to '1' via the model definition (NextcloudSettings.xml), + // so unset/upgraded configs verify by default; only an explicit '0' disables it + $verify_ssl = (string)(new NextcloudSettings())->verify_ssl !== '0'; $curl = curl_init(); curl_setopt_array($curl, array( CURLOPT_URL => $url, @@ -701,6 +712,8 @@ class Nextcloud extends Base implements IBackupProvider CURLOPT_TIMEOUT => 60, // maximum time: 1 min CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_USERPWD => $username . ":" . $password, + CURLOPT_SSL_VERIFYPEER => $verify_ssl, + CURLOPT_SSL_VERIFYHOST => $verify_ssl ? 2 : 0, CURLOPT_HTTPHEADER => $headers )); if ($postdata != null) { diff --git a/sysutils/nextcloud-backup/src/opnsense/mvc/app/models/OPNsense/Backup/NextcloudSettings.xml b/sysutils/nextcloud-backup/src/opnsense/mvc/app/models/OPNsense/Backup/NextcloudSettings.xml index 8fa58d2b7..a6846f184 100644 --- a/sysutils/nextcloud-backup/src/opnsense/mvc/app/models/OPNsense/Backup/NextcloudSettings.xml +++ b/sysutils/nextcloud-backup/src/opnsense/mvc/app/models/OPNsense/Backup/NextcloudSettings.xml @@ -1,6 +1,6 @@ //system/backup/nextcloud - 1.0.2 + 1.0.3 OPNsense Nextcloud Backup Settings @@ -43,6 +43,9 @@ + + 1 + Y /^([\w%+\-]+\/)*[\w+%\-]+$/