From d2d9ba7d923b26c90920a434987aecc1a88d6e04 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Sun, 14 Jan 2024 19:52:51 +0100
Subject: [PATCH] fix(certificate manager): add a simple fallback to store certificates in data directory CertificateManager doesn't work propertly if the files_external app is disabled, so let's store directly in /data/certificate_manager the bundled certificates. This always has to be done on local disk as curl currently requires a path to the cert bundle. When we require PHP 8.1 we will be able to simply store the certificate bundle in database/memory/cache and pass it through the CURLOPT_SSLCERT_BLOB option.
Signed-off-by: Thomas Citharel
---
 lib/private/Security/CertificateManager.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index cf5f0f41d56a6..5aad92548ff7b 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -34,6 +34,7 @@
 use OC\Files\Filesystem;
 use OC\Files\View;
+use OCP\App\IAppManager;
 use OCP\ICertificate;
 use OCP\ICertificateManager;
 use OCP\IConfig;
@@ -51,6 +52,7 @@ public function __construct(
 protected IConfig $config,
 protected LoggerInterface $logger,
 protected ISecureRandom $random,
+ protected IAppManager $appManager
 ) {
 }
@@ -249,7 +251,14 @@ public function getAbsoluteBundlePath(): string {
 }
 private function getPathToCertificates(): string {
- return '/files_external/';
+ if ($this->appManager->isAppLoaded('files_external')) {
+ return '/files_external/';
+ }
+ $fallbackPath = \OC::$SERVERROOT . '/data/certificate_manager';
+ if (!is_dir($fallbackPath) && false === @mkdir($fallbackPath, 0644, true) && !is_dir($fallbackPath)) {
+ throw new \RuntimeException(sprintf('Unable to create the certificate bundle storage directory (%s).', $fallbackPath));
+ }
+ return $fallbackPath;
 }
 /**
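Review bot: `protected IAppManager $appManager` is added as a required constructor argument, while the diffstat shows only this file changing, so any code that builds `CertificateManager` by hand (a unit test, for instance) would presumably fail with an argument-count error until it passes an app manager. The new last parameter also drops the trailing comma that the previous last parameter carried; `protected IAppManager $appManager,` keeps the list consistent. The constructor's signature starts above the hunk.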
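Review bot: The fallback directory in `getPathToCertificates()` is created with `mkdir($fallbackPath, 0644, true)`, and a directory without the execute (search) bit cannot be entered, so the bundle stored in it would not be usable even by the web-server user; `0750` (or `0700`) is the mode a directory holding trust anchors should have. The path is also built from `\OC::$SERVERROOT . '/data'` rather than the configured data directory, so on installs that moved it the CA bundle lands under the server root; `$this->config->getSystemValueString('datadirectory', \OC::$SERVERROOT . '/data') . '/certificate_manager/'` would follow the setting. The two branches also return different shapes, a path with a trailing slash versus an absolute filesystem path without one. The callers are outside this hunk, so it is worth confirming that they concatenate and resolve both forms correctly (the first is presumably relative to a View).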