diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php index c3836749c6d98..8286321450ddd 100644 --- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php +++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php @@ -28,6 +28,7 @@ * along with this program. If not, see . * */ + namespace OC\Files\ObjectStore; use Aws\ClientResolver; @@ -121,15 +122,6 @@ public function getConnection() { ) ); - // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage - if (!isset($this->params['primary_storage'])) { - /** @var ICertificateManager $certManager */ - $certManager = \OC::$server->get(ICertificateManager::class); - $certPath = $certManager->getAbsoluteBundlePath(); - } else { - $certPath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; - } - $options = [ 'version' => isset($this->params['version']) ? $this->params['version'] : 'latest', 'credentials' => $provider, @@ -139,7 +131,7 @@ public function getConnection() { 'signature_provider' => \Aws\or_chain([self::class, 'legacySignatureProvider'], ClientResolver::_default_signature_provider()), 'csm' => false, 'use_arn_region' => false, - 'http' => ['verify' => $certPath], + 'http' => ['verify' => $this->getCertificateBundlePath()], ]; if ($this->getProxy()) { $options['http']['proxy'] = $this->getProxy(); @@ -152,7 +144,7 @@ public function getConnection() { if (!$this->connection::isBucketDnsCompatible($this->bucket)) { $logger = \OC::$server->get(LoggerInterface::class); $logger->debug('Bucket "' . $this->bucket . '" This bucket name is not dns compatible, it may contain invalid characters.', - ['app' => 'objectstore']); + ['app' => 'objectstore']); } if ($this->params['verify_bucket_exists'] && !$this->connection->doesBucketExist($this->bucket)) { @@ -203,7 +195,7 @@ public static function legacySignatureProvider($version, $service, $region) { /** * This function creates a credential provider based on user parameter file */ - protected function paramCredentialProvider() : callable { + protected function paramCredentialProvider(): callable { return function () { $key = empty($this->params['key']) ? null : $this->params['key']; $secret = empty($this->params['secret']) ? null : $this->params['secret']; @@ -218,4 +210,19 @@ protected function paramCredentialProvider() : callable { return new RejectedPromise(new CredentialsException($msg)); }; } + + protected function getCertificateBundlePath(): ?string { + if ((int)($this->params['use_nextcloud_bundle'] ?? "0")) { + // since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage + if (!isset($this->params['primary_storage'])) { + /** @var ICertificateManager $certManager */ + $certManager = \OC::$server->get(ICertificateManager::class); + return $certManager->getAbsoluteBundlePath(); + } else { + return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt'; + } + } else { + return null; + } + } } diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php index 4e54a26e98a89..0b2fd95c652ba 100644 --- a/lib/private/Files/ObjectStore/S3ObjectTrait.php +++ b/lib/private/Files/ObjectStore/S3ObjectTrait.php @@ -43,6 +43,8 @@ trait S3ObjectTrait { */ abstract protected function getConnection(); + abstract protected function getCertificateBundlePath(): ?string; + /** * @param string $urn the unified resource name used to identify the object * @return resource stream with the read data @@ -68,6 +70,9 @@ public function readObject($urn) { 'protocol_version' => $request->getProtocolVersion(), 'header' => $headers, ], + 'ssl' => [ + 'cafile' => $this->getCertificateBundlePath() + ] ]; if ($this->getProxy()) {