only use nextcloud bundle when explicitly enabled

icewind1991 · icewind1991 · commit f1486890d739 · 2022-07-05T16:06:55.000+02:00
Signed-off-by: Robin Appelman &lt;robin@icewind.nl&gt;
diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php
@@ -28,6 +28,7 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  *
  */
+
 namespace OC\Files\ObjectStore;
 
 use Aws\ClientResolver;
@@ -143,7 +144,7 @@ public function getConnection() {
 		if (!$this->connection::isBucketDnsCompatible($this->bucket)) {
 			$logger = \OC::$server->get(LoggerInterface::class);
 			$logger->debug('Bucket "' . $this->bucket . '" This bucket name is not dns compatible, it may contain invalid characters.',
-					 ['app' => 'objectstore']);
+				['app' => 'objectstore']);
 		}
 
 		if ($this->params['verify_bucket_exists'] && !$this->connection->doesBucketExist($this->bucket)) {
@@ -194,7 +195,7 @@ public static function legacySignatureProvider($version, $service, $region) {
 	/**
 	 * This function creates a credential provider based on user parameter file
 	 */
-	protected function paramCredentialProvider() : callable {
+	protected function paramCredentialProvider(): callable {
 		return function () {
 			$key = empty($this->params['key']) ? null : $this->params['key'];
 			$secret = empty($this->params['secret']) ? null : $this->params['secret'];
@@ -210,14 +211,18 @@ protected function paramCredentialProvider() : callable {
 		};
 	}
 
-	protected function getCertificateBundlePath(): string {
-		// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
-		if (!isset($this->params['primary_storage'])) {
-			/** @var ICertificateManager $certManager */
-			$certManager = \OC::$server->get(ICertificateManager::class);
-			return $certManager->getAbsoluteBundlePath();
+	protected function getCertificateBundlePath(): ?string {
+		if ((int)($this->params['use_nextcloud_bundle'] ?? "0")) {
+			// since we store the certificate bundles on the primary storage, we can't get the bundle while setting up the primary storage
+			if (!isset($this->params['primary_storage'])) {
+				/** @var ICertificateManager $certManager */
+				$certManager = \OC::$server->get(ICertificateManager::class);
+				return $certManager->getAbsoluteBundlePath();
+			} else {
+				return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+			}
 		} else {
-			return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+			return null;
 		}
 	}
 }
diff --git a/lib/private/Files/ObjectStore/S3ObjectTrait.php b/lib/private/Files/ObjectStore/S3ObjectTrait.php
@@ -43,7 +43,7 @@ trait S3ObjectTrait {
 	 */
 	abstract protected function getConnection();
 
-	abstract protected function getCertificateBundlePath(): string;
+	abstract protected function getCertificateBundlePath(): ?string;
 
 	/**
 	 * @param string $urn the unified resource name used to identify the object
