Revert use the nextcloud certificate bundle for s3 #32942
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reverts 194a21f
Reverts 1156214
By default the aws sdk validates certificate against the default CA bundle provided by the operating system: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#config-http
#31574 changed the behavior to use our internal certificate manager or the CA bundle shipped with Nextcloud. When you added a self signed certificate to the CA bundle provided by the operating system connections to your object store now fails. Using an internal CA is a common use case for enterprises.
I guess our best option for now is to restore the old behavior and look for a better approach. Maybe a configuration option to expose the verify option like suggested here: #32726