Merge pull request #3983 from nextcloud/remove-owncloud-root-cert-as-per-todo
Remove ownCloud Root Authority as per todo
This commit is contained in:
commit
11c4875190
|
@ -347,14 +347,7 @@ class Checker {
|
||||||
$x509->loadCA($rootCertificatePublicKey);
|
$x509->loadCA($rootCertificatePublicKey);
|
||||||
$x509->loadX509($certificate);
|
$x509->loadX509($certificate);
|
||||||
if(!$x509->validateSignature()) {
|
if(!$x509->validateSignature()) {
|
||||||
// FIXME: Once Nextcloud has it's own appstore we should remove the ownCloud Root Authority from here
|
throw new InvalidSignatureException('Certificate is not valid.');
|
||||||
$x509 = new \phpseclib\File\X509();
|
|
||||||
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/owncloud.crt');
|
|
||||||
$x509->loadCA($rootCertificatePublicKey);
|
|
||||||
$x509->loadX509($certificate);
|
|
||||||
if(!$x509->validateSignature()) {
|
|
||||||
throw new InvalidSignatureException('Certificate is not valid.');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// Verify if certificate has proper CN. "core" CN is always trusted.
|
// Verify if certificate has proper CN. "core" CN is always trusted.
|
||||||
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
|
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
|
||||||
|
|
Loading…
Reference in New Issue