[BUGFIX] check return value and improve error handling

With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the CertificateManager was throwing an Error. This commit improves the handling in CertificateManager and log unexpected behaviors. Signed-off-by: Jan Messer <jan@mtec-studios.ch>
nextcloud · Apr 6, 2023 · 7a44386 · 7a44386
1 parent 0126247
commit 7a44386
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
@@ -228,7 +228,7 @@ public function getCertificateBundle(): string {
  */
  public function getAbsoluteBundlePath(): string {
  try {
- if (!$this->bundlePath) {
+ if ($this->bundlePath === null) {
  if (!$this->hasCertificates()) {
  $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
  }
@@ -237,13 +237,16 @@ public function getAbsoluteBundlePath(): string {
  $this->createCertificateBundle();
  }
 
- $this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle()) ?: null;
- }
- if ($this->bundlePath === null) {
- throw new \Exception('Failed to get absolute bundle path');
+ $certificateBundle = $this->getCertificateBundle();
+ $this->bundlePath = $this->view->getLocalFile($certificateBundle) ?: null;
+
+ if ($this->bundlePath === null) {
+ throw new \RuntimeException('Unable to get certificate bundle "' . $certificateBundle . '".');
+ }
  }
  return $this->bundlePath;
  } catch (\Exception $e) {
+ $this->logger->error('Failed to get absolute bundle path. Fallback to default ca-bundle.crt', ['exception' => $e]);
  return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
  }
  }