wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #3983 from nextcloud/remove-owncloud-root-cert-as-per-todo

Browse source 
Remove ownCloud Root Authority as per todo
This commit is contained in:
Roeland Jago Douma 2017-03-22 12:33:24 +01:00 committed by GitHub
commit 11c4875190
1 changed files with 1 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/private/IntegrityCheck/Checker.php
View file

@ -347,14 +347,7 @@ class Checker {
$x509->loadCA($rootCertificatePublicKey);
$x509->loadX509($certificate);
if(!$x509->validateSignature()) {
// FIXME: Once Nextcloud has it's own appstore we should remove the ownCloud Root Authority from here
$x509 = new \phpseclib\File\X509();
$rootCertificatePublicKey = $this->fileAccessHelper->file_get_contents($this->environmentHelper->getServerRoot().'/resources/codesigning/owncloud.crt');
$x509->loadCA($rootCertificatePublicKey);
$x509->loadX509($certificate);
if(!$x509->validateSignature()) {
throw new InvalidSignatureException('Certificate is not valid.');
}
throw new InvalidSignatureException('Certificate is not valid.');
}
// Verify if certificate has proper CN. "core" CN is always trusted.
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {