Skip to content

Revert use the nextcloud certificate bundle for s3 #32942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Revert use the nextcloud certificate bundle for s3 #32942

wants to merge 2 commits into from

Conversation

@kesselb
Copy link
Collaborator

@kesselb kesselb commented Jun 20, 2022

Reverts 194a21f
Reverts 1156214

By default the aws sdk validates certificate against the default CA bundle provided by the operating system: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#config-http

#31574 changed the behavior to use our internal certificate manager or the CA bundle shipped with Nextcloud. When you added a self signed certificate to the CA bundle provided by the operating system connections to your object store now fails. Using an internal CA is a common use case for enterprises.

I guess our best option for now is to restore the old behavior and look for a better approach. Maybe a configuration option to expose the verify option like suggested here: #32726

@kesselb kesselb self-assigned this Jun 20, 2022
@kesselb kesselb added bug 2. developing Work in progress labels Jun 20, 2022
kesselb added 2 commits June 20, 2022 17:46
@kesselb
Revert "don't try to get custom certs for s3 primary storage"
c0d88cb 
This reverts commit 1156214.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
@kesselb
Revert "use the nextcloud certificate bundle for s3"
22a74c2 
This reverts commit 194a21f.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
@kesselb kesselb force-pushed the bug/noid/default-certificate-s3 branch from a096398 to 22a74c2 Compare June 20, 2022 15:46
@kesselb kesselb added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Jun 20, 2022
@kesselb kesselb mentioned this pull request Jun 21, 2022
Merged
@icewind1991
Copy link
Member

see #32963 (comment) for some related discussion

@PVince81
Copy link
Member

@icewind1991 can you clarify if this revert is still needed ? otherwise please close

@kesselb kesselb closed this Jul 27, 2022
@kesselb kesselb deleted the bug/noid/default-certificate-s3 branch July 27, 2022 15:41
@kesselb
Copy link
Collaborator Author

kesselb commented Jul 27, 2022

#32963 was updated to address the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@PVince81 PVince81 Awaiting requested review from PVince81

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

Assignees

@kesselb kesselb

Labels

3. to review Waiting for reviews bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kesselb @icewind1991 @PVince81