From 68b9493a51681fbeb22f949d5d571e853bfe143b Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg <mail@danielkesselberg.de>
Date: Wed, 16 Jul 2025 12:36:45 +0200
Subject: [PATCH] fix(federation): respect
 sharing.federation.allowSelfSignedCertificates for address book sync

The configuration option, to accept self-signed certificates, is now also used when syncing address books.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
---
 apps/dav/lib/CardDAV/SyncService.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/dav/lib/CardDAV/SyncService.php b/apps/dav/lib/CardDAV/SyncService.php
index c31a70b2aa56d..4a75f8ced6cc8 100644
--- a/apps/dav/lib/CardDAV/SyncService.php
+++ b/apps/dav/lib/CardDAV/SyncService.php
@@ -168,7 +168,8 @@ protected function requestSyncReport(string $url, string $userName, string $addr
 			'auth' => [$userName, $sharedSecret],
 			'body' => $this->buildSyncCollectionRequestBody($syncToken),
 			'headers' => ['Content-Type' => 'application/xml'],
-			'timeout' => $this->config->getSystemValueInt('carddav_sync_request_timeout', IClient::DEFAULT_REQUEST_TIMEOUT)
+			'timeout' => $this->config->getSystemValueInt('carddav_sync_request_timeout', IClient::DEFAULT_REQUEST_TIMEOUT),
+			'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
 		];
 
 		$response = $client->request(
@@ -189,6 +190,7 @@ protected function download(string $url, string $userName, string $sharedSecret,
 
 		$options = [
 			'auth' => [$userName, $sharedSecret],
+			'verify' => !$this->config->getSystemValue('sharing.federation.allowSelfSignedCertificates', false),
 		];
 
 		$response = $client->get(