From c6945666ca0df7e6331ede756d0bf5b69f7309bb Mon Sep 17 00:00:00 2001
From: Jan Messer
Date: Fri, 11 Nov 2022 02:52:32 +0100
Subject: [PATCH 1/3] [BUGFIX] check return value and improve error handling
With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the CertificateManager was throwing an Error. This commit improves the handling in CertificateManager and log unexpected behaviors.
Signed-off-by: Jan Messer
---
 lib/private/Security/CertificateManager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index fa26c19ceae84..f1107130887cb 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -238,7 +238,7 @@ public function getCertificateBundle(): string {
 */
 public function getAbsoluteBundlePath(): string {
 try {
- if (!$this->bundlePath) {
+ if ($this->bundlePath === null) {
 if (!$this->hasCertificates()) {
 $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
 }
@@ -251,6 +251,7 @@ public function getAbsoluteBundlePath(): string {
 }
 return $this->bundlePath;
 } catch (\Exception $e) {
+ $this->logger->error('Failed to get absolute bundle path. Fallback to default ca-bundle.crt', ['exception' => $e]);
 return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
 }
 }
From 662dcfffd67ffada282627711d98a3089eee7d71 Mon Sep 17 00:00:00 2001
From: Jan Messer
Date: Tue, 4 Apr 2023 22:01:35 +0200
Subject: [PATCH 2/3] [BUGFIX] throw exception instead of error if unable to create file handler (only exceptions are catch)
Signed-off-by: Jan Messer
---
 lib/private/Security/CertificateManager.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index f1107130887cb..f22a06641de09 100644
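Review bot: The `catch` branch added to getAbsoluteBundlePath() in PATCH 1/3 (second hunk) logs at error level on every call, and because `$this->bundlePath` is not set on that path each later call repeats the storage access and writes another entry, so a persistent storage fault can flood the log. Consider logging once per object, for example behind a private boolean flag, or caching the fallback path for the lifetime of the instance. The message would also help an operator more if it said what the fallback costs, e.g. `'Failed to get absolute bundle path, imported certificates will not be trusted. Fallback to default ca-bundle.crt'`; that the custom certificates are dropped is inferred from the fallback path, not shown in the hunk. The `try` block starts outside this hunk.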
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -147,6 +147,10 @@ public function createCertificateBundle(): void {
 $tmpPath = $certPath . '.tmp' . $this->random->generate(10, ISecureRandom::CHAR_DIGITS);
 $fhCerts = $this->view->fopen($tmpPath, 'w');
 
+ if (!is_resource($fhCerts)) {
+ throw new \RuntimeException('Unable to open file handler to create certificate bundle "' . $tmpPath . '".');
+ }
+
 // Write user certificates
 foreach ($certs as $cert) {
 $file = $path . '/uploads/' . $cert->getName();
From 8f7c7b3cc8884e07b2f91d0fa9ff168d1a4e335e Mon Sep 17 00:00:00 2001
From: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Date: Thu, 4 May 2023 22:29:03 +0200
Subject: [PATCH 3/3] Fix conflicts
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
---
 lib/private/Security/CertificateManager.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CertificateManager.php b/lib/private/Security/CertificateManager.php
index f22a06641de09..6db12f9016b4f 100644
--- a/lib/private/Security/CertificateManager.php
+++ b/lib/private/Security/CertificateManager.php
@@ -251,7 +251,12 @@ public function getAbsoluteBundlePath(): string {
 $this->createCertificateBundle();
 }
 
- $this->bundlePath = $this->view->getLocalFile($this->getCertificateBundle());
+ $certificateBundle = $this->getCertificateBundle();
+ $this->bundlePath = $this->view->getLocalFile($certificateBundle) ?: null;
+
+ if ($this->bundlePath === null) {
+ throw new \RuntimeException('Unable to get certificate bundle "' . $certificateBundle . '".');
+ }
 }
 return $this->bundlePath;
 } catch (\Exception $e) {
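Review bot: createCertificateBundle() can now throw `\RuntimeException` from the added `is_resource()` guard in PATCH 2/3, but nothing documents that. The method's docblock lies outside the hunk; it should gain `@throws \RuntimeException if the temporary bundle file cannot be opened`. getAbsoluteBundlePath() catches the exception, but any other caller of this public method would need checking, which cannot be done from the lines shown. The message text also says `file handler` where `file handle` is meant.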
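Review bot: In PATCH 3/3 `$this->bundlePath` is assigned before the result of getLocalFile() is validated, and the `?: null` shortcut hides which failure values are expected. Validating a local first keeps the property either unset or holding a usable path: `$localPath = $this->view->getLocalFile($certificateBundle);`, then `if (!is_string($localPath) || $localPath === '') { throw ...; }`, and only then `$this->bundlePath = $localPath;`. The hunk also does not test that the returned path is readable, and an unreadable or missing file handed on as the CA bundle would presumably fail every outgoing TLS verification instead of taking the logged fallback. Adding `!is_readable($localPath)` to the same condition would cover that, though whether getLocalFile() can return such a path is not visible here. The enclosing `try` block and the `catch` body lie outside the hunk.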