Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deleting all SSL root certificates breaks curl requests #15710

Closed
oparoz opened this issue Apr 17, 2015 · 13 comments
Closed

Deleting all SSL root certificates breaks curl requests #15710

oparoz opened this issue Apr 17, 2015 · 13 comments

Comments

@oparoz
Copy link
Contributor

oparoz commented Apr 17, 2015

Env

Master, PHP 5.5

Steps to reproduce

As a non-admin user

  1. Install a root certificate
  2. Delete the certificate
  3. Try to connect to a remote share

Expected behaviour

Files should be able to connect to all the remote folders

Actual behaviour

Instead, this is what is shown in the browser logs
"Sabre\DAV\Exception: [CURL] Error while making request: error setting certificate verify locations: CAfile: /www/data/demo1/files_external/rootcerts.crt CApath: none (error code: 77)"

That rootcerts.crt file weighs 0 bytes. Deleting it solves the problem.
Not sure if it's a regression or if it's always been like this.

@nickvergessen
Copy link
Contributor

@LukasReschke

@LukasReschke LukasReschke added this to the 8.1-current milestone Apr 18, 2015
@LukasReschke LukasReschke self-assigned this Apr 18, 2015
@LukasReschke
Copy link
Member

Probably a "somewhat" regression. Stable releases actually don't do SSL really properly wrt to this storage etc.

Will fix this for 8.1

@karlitschek
Copy link
Contributor

@LukasReschke What is the status here? 8.1 is here very soon :-)

@LukasReschke
Copy link
Member

On current master:

  1. Go to personal settings
  2. Upload root certificates
  3. Remove the root certificates
  4. data/admin/files_external/rootcerts.crt is still valid

@oparoz May I ask you to recheck this and if this still fails for you give me some guidance on what we did different? 😄

@oparoz
Copy link
Contributor Author

oparoz commented May 12, 2015

@LukasReschke - I'll give it another go later, but when you say that data/admin/files_external/rootcerts.crt is still valid, what does it contain?

@LukasReschke
Copy link
Member

@LukasReschke - I'll give it another go later, but when you say that data/admin/files_external/rootcerts.crt is still valid, what does it contain?

The content from ca-bundle.crt in the config folder.

@oparoz
Copy link
Contributor Author

oparoz commented May 12, 2015

Ah, yeah, but that's a recently introduced feature if I'm not mistaken, so that should work now.
I'll keep you posted.

@oparoz
Copy link
Contributor Author

oparoz commented May 12, 2015

OK, I can't even install the certificate and will file a separate bug first...

@oparoz
Copy link
Contributor Author

oparoz commented May 12, 2015

@LukasReschke - #16288

@oparoz
Copy link
Contributor Author

oparoz commented May 12, 2015

As an admin, rootcerts.crt is now populated with the bundle, so there is hope :)

@oparoz
Copy link
Contributor Author

oparoz commented May 12, 2015

With #16289, I was able to install and remove certs as a user and the rootcerts.crt is never empty, so this was fixed when the bundle was introduced. Thank you!

@oparoz oparoz closed this as completed May 12, 2015
@LukasReschke
Copy link
Member

Great. Thanks for confirmation 💃

Though this is still completely broken in any other version than master but that is nothing we can backport. 🙈

@oparoz
Copy link
Contributor Author

oparoz commented May 12, 2015

Yeah, it's a shame because that means people will have to wait for all their contacts to upgrade to 8.1 before being able to securely share files, but that should only take a few months.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 11, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

4 participants