Merge pull request #24171 from owncloud/stable8.2-certificate

[stable8.2] Ignore certificate file if it starts with file://

lib/private/security/certificate.php

@@ -50,6 +50,13 @@ class Certificate implements ICertificate {
 	public function __construct($data, $name) {
 		$this->name = $name;
 		$gmt = new \DateTimeZone('GMT');
+
+		// If string starts with "file://" ignore the certificate
+		$query = 'file://';
+		if(strtolower(substr($data, 0, strlen($query))) === $query) {
+			throw new \Exception('Certificate could not get parsed.');
+		}
+
 		$info = openssl_x509_parse($data);
 		if(!is_array($info)) {
 			throw new \Exception('Certificate could not get parsed.');

tests/lib/security/certificate.php

@@ -50,6 +50,14 @@ public function testBogusData() {
 		$certificate->getIssueDate();
 	}
 
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage Certificate could not get parsed.
+	 */
+	function testCertificateStartingWithFileReference() {
+		new Certificate('file://'.__DIR__ . '/../../data/certificates/goodCertificate.crt', 'bar');
+	}
+
 	public function testGetName() {
 		$this->assertSame('GoodCertificate', $this->goodCertificate->getName());
 		$this->assertSame('BadCertificate', $this->invalidCertificate->getName());