fix: Allow to disable ssl verification for object storage

Signed-off-by: Julius Härtl <jus@bitgrid.net>

lib/private/Files/ObjectStore/S3ConnectionTrait.php

@@ -51,6 +51,7 @@ protected function parseParams($params) {
  $params['port'] = (isset($params['use_ssl']) && $params['use_ssl'] === false) ? 80 : 443;
  }
  $params['verify_bucket_exists'] = $params['verify_bucket_exists'] ?? true;
+ $params['ssl_verify'] = $params['ssl_verify'] ?? true;
 
  if ($params['s3-accelerate']) {
  $params['verify_bucket_exists'] = false;
@@ -100,7 +101,7 @@ public function getConnection() {
  'csm' => false,
  'use_arn_region' => false,
  'http' => [
- 'verify' => $this->getCertificateBundlePath(),
+ 'verify' => $this->params['ssl_verify'] ? $this->getCertificateBundlePath() : false,
  // Timeout for the connection to S3 server, not for the request.
  'connect_timeout' => 5
  ],

lib/private/Files/ObjectStore/S3ObjectTrait.php

@@ -54,7 +54,8 @@ public function readObject($urn) {
  'http' => [
  'protocol_version' => $request->getProtocolVersion(),
  'header' => $headers,
- ]
+ ],
+ 'ssl' => [],
  ];
  $bundle = $this->getCertificateBundlePath();
  if ($bundle) {
@@ -63,6 +64,10 @@ public function readObject($urn) {
  ];
  }
 
+ if ($this->params['ssl_verify'] === false) {
+ $opts['ssl']['verify_peer'] = false;
+ }
+
  if ($this->getProxy()) {
  $opts['http']['proxy'] = $this->getProxy();
  $opts['http']['request_fulluri'] = true;