Skip to content

feat(CertificateManager): Add option to specify the default certificates bundle path #52749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AndyScherzinger merged 1 commit into from
Dec 1, 2025
Merged

feat(CertificateManager): Add option to specify the default certificates bundle path #52749

AndyScherzinger merged 1 commit into from
Dec 1, 2025

Conversation

@provokateurin
Copy link
Member

@provokateurin provokateurin commented May 11, 2025

Summary

Currently it's not possible for admins to reject certificates that are part of the default bundle shipped by Nextcloud.
This option allows specifying the default bundle which in turn allows admins to use the system bundle which they might customize to include self-signed certificates and which might also get faster security updates (without even updating Nextcloud).

Checklist

@provokateurin provokateurin added this to the Nextcloud 32 milestone May 11, 2025
@provokateurin provokateurin requested a review from a team as a code owner May 11, 2025 14:43
@provokateurin provokateurin requested review from skjnldsv, sorbaugh and yemkareems and removed request for a team May 11, 2025 14:43
@provokateurin provokateurin mentioned this pull request May 11, 2025
Closed
13 tasks
@kesselb
Copy link
Contributor

kesselb commented May 11, 2025

Thanks for taking care! I think that change is a really good initiative. As I mentioned in #32963 a while ago, I think it's weird to have our own certificate management, and it makes the administrator's life harder. I'm aware of the issues we had with certificates, especially when running ancient enterprise Linux distributions with outdated bundles, but those infrastructure issues should not justify reinventing the wheel. Nevertheless, a configuration option to opt-out and rely on the system's default is a great start, and I'd recommend accepting it.

This was referenced Aug 22, 2025
Merged
Merged
Merged
This was referenced Sep 2, 2025
Merged
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Sep 10, 2025
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Sep 18, 2025
Merged
This was referenced Sep 25, 2025
Merged
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 32, Nextcloud 33 Sep 28, 2025
provokateurin
provokateurin commented Nov 13, 2025
View reviewed changes
miaulalala
miaulalala approved these changes Nov 13, 2025
View reviewed changes
Copy link
Contributor

@miaulalala miaulalala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Neat!

@provokateurin provokateurin mentioned this pull request Nov 14, 2025
Draft
6 tasks
@provokateurin provokateurin force-pushed the feat/certificatemanager/default-bundle-path-option branch from cacc724 to fa270b8 Compare November 14, 2025 09:07
@provokateurin provokateurin force-pushed the feat/certificatemanager/default-bundle-path-option branch from fa270b8 to 0c3a872 Compare December 1, 2025 09:51
@provokateurin
Copy link
Member Author

provokateurin commented Dec 1, 2025

/backport to stable32

@provokateurin
Copy link
Member Author

provokateurin commented Dec 1, 2025

/backport to stable31

@provokateurin
Copy link
Member Author

provokateurin commented Dec 1, 2025

/backport to stable30

@AndyScherzinger AndyScherzinger merged commit c683862 into master Dec 1, 2025
205 of 216 checks passed
@AndyScherzinger AndyScherzinger deleted the feat/certificatemanager/default-bundle-path-option branch December 1, 2025 10:48
This was referenced Dec 1, 2025
Merged
Merged
Merged
This was referenced Dec 1, 2025
Merged
Draft
Draft
Draft
Draft
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@artonge artonge artonge approved these changes

@miaulalala miaulalala miaulalala approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

@skjnldsv skjnldsv Awaiting requested review from skjnldsv skjnldsv is a code owner automatically assigned from nextcloud/server-backend

@yemkareems yemkareems Awaiting requested review from yemkareems yemkareems is a code owner automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-backend

@salmart-dev salmart-dev Awaiting requested review from salmart-dev

@come-nc come-nc Awaiting requested review from come-nc

Assignees

No one assigned

Labels

3. to review Waiting for reviews enhancement

Projects

None yet

Milestone

Nextcloud 33

Development

Successfully merging this pull request may close these issues.

7 participants

@provokateurin @kesselb @artonge @miaulalala @AndyScherzinger @skjnldsv