Merge pull request #38091 from nextcloud/backport/35092/stable26

[stable26] Check return value and improve error handling on certificate manager

lib/private/Security/CertificateManager.php

@@ -147,6 +147,10 @@ public function createCertificateBundle(): void {
  $tmpPath = $certPath . '.tmp' . $this->random->generate(10, ISecureRandom::CHAR_DIGITS);
  $fhCerts = $this->view->fopen($tmpPath, 'w');
 
+ if (!is_resource($fhCerts)) {
+ throw new \RuntimeException('Unable to open file handler to create certificate bundle "' . $tmpPath . '".');
+ }
+
  // Write user certificates
  foreach ($certs as $cert) {
  $file = $path . '/uploads/' . $cert->getName();
@@ -238,7 +242,7 @@ public function getCertificateBundle(): string {
  */
  public function getAbsoluteBundlePath(): string {
  try {
- if (!$this->bundlePath) {
+ if ($this->bundlePath === null) {
  if (!$this->hasCertificates()) {
  $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
  }
@@ -247,10 +251,16 @@ public function getAbsoluteBundlePath(): string {
  $this->createCertificateBundle();
  }
 
- $this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle());
+ $certificateBundle = $this->getCertificateBundle();
+ $this->bundlePath = $this->view->getLocalFile($certificateBundle) ?: null;
+
+ if ($this->bundlePath === null) {
+ throw new \RuntimeException('Unable to get certificate bundle "' . $certificateBundle . '".');
+ }
  }
  return $this->bundlePath;
  } catch (\Exception $e) {
+ $this->logger->error('Failed to get absolute bundle path. Fallback to default ca-bundle.crt', ['exception' => $e]);
  return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
  }
  }