Check return value and improve error handling on certificate manager #35092
Conversation
|
/backport to stable25 |
|
/backport to stable24 |
|
/backport to stable23 |
|
Hi and thanks for your pull request 👍 I would prefer not to use Would you mind updating the PR to throw an exception (one from https://www.php.net/manual/en/spl.exceptions.php should do it) when bundlePath is false. |
|
@kesselb I don't see the reasons to make those changes since they don't improve or fix something. Maybe unofficial guideline? The developer manual itself has contains no chapter how to handle exception only how to throw them. There are 2 change requests:
Reason? I think it is more robust if we left the
Your Idea is to throw an if ($bundlePath === false) {
+ throw(new \RuntimeException("Unable to get certificate bundle '" . $certificateBundle . "'. Fallback to default ca-bundle.crt"));
- $this->logger->warning("Unable to get certificate bundle '" . $certificateBundle . "'. Fallback to default ca-bundle.crt");
- return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
$this->bundlePath = $bundlePath;
}
return $this->bundlePath;
} catch (\Throwable $e) {
$this->logger->error("Error occurred during fetch certificate bundle. Fallback to default ca-bundle.crt", ['exception' => $e]);
return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
Reason? The idea was to handle the "exception" directly since it is a known return value. IMHO this it is not directly an error since the source of this exception is unknown and it could be something simple like a poor connection. https://www.php-fig.org/psr/psr-3/
|
https://stackoverflow.com/questions/6083248/is-it-a-bad-practice-to-catch-throwable is a good read.
The actual bug, that we are not handling getLocalFile properly, would be much harder to spot with catch throwable.
I find it easier to read when the error handling is in one place, especially for the same error handling. |
First of all. It's an opinion to let the script die. Then the end user see an error. => But this behavior seems not to be user friendly.
Yes, the bug was occurred cause of incorrect handling. 👍 Will change it.
Thought the same as I started to write the code. Then I asked myself: Is this an error since it is legal to have @kesselb Simple question: Is this an error or warning?
|
|
There is another unhandled case with View.php public function getLocalFile($path) {
...
if (Filesystem::isValidPath($parent) and $storage) {
return $storage->getLocalFile($internalPath);
} else {
return null;
}
}@kesselb Should this lead to fallback? Currently the function returns So the new if condition would be something like this: + if ($bundlePath === null || $bundlePath === false) {
- if ($bundlePath === false) { |
|
One thing I would change is the logic with has Certificates. Currently if there are no certificates it caches the "system" ca bundle. And then it tries to write it in the storage. Is there any reason for that behavior since the files are then the same. The public function getAbsoluteBundlePath(): string {
- try {
if ($this->bundlePath === null) {
+ try {
- if (!$this->hasCertificates()) {
- $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
- }
+ if ($this->hasCertificates()) {
if ($this->needsRebundling()) {
$this->createCertificateBundle();
}
$certificateBundle = $this->getCertificateBundle();
$bundlePath = $this->view->getLocalFile($certificateBundle);
if ($bundlePath === null) {
throw(new \RuntimeException("Unable to get certificate bundle cause of invalid path or nonexistent storage '" . $certificateBundle . "'."));
} else if ($bundlePath === false) {
throw(new \RuntimeException("Unable to get certificate bundle '" . $certificateBundle . "'."));
}
$this->bundlePath = $bundlePath;
+ } else {
+ $this->bundlePath = \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+ }
- }
- return $this->bundlePath;
} catch (\Exception $e) {
$this->logger->error("Error occurred during fetch certificate bundle. Fallback to default ca-bundle.crt", ['exception' => $e]);
return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
}
+ }
+ return $this->bundlePath;
}Another Task is to handle the following error since it isn't honest to return an invalid fallback. public function createCertificateBundle(): void {
...
$defaultCertificates = file_get_contents(\OC::$SERVERROOT . '/resources/config/ca-bundle.crt');
if (strlen($defaultCertificates) < 1024) { // sanity check to verify that we have some content for our bundle
// log as exception so we have a stacktrace
$e = new \Exception('Shipped ca-bundle is empty, refusing to create certificate bundle');
$this->logger->error($e->getMessage(), ['exception' => $e]);
return;
}Last but not least there are plenty of incomplete phpdoc for Example in the View::getLocalFile - * @return string
+ * @return string|null|false
+ * @throws InvalidPathException
+ * @throws NotFoundException if no mount for path existing
+ * @throws HintException
+ * @throws ServerNotAvailableException
+ * @throws \Exception if no user home storage got configured
+ * @throws \Exception if mount provider name exceeds the limit of 128 characters
+ * @throws \Exception if the result from storage wrapper was invalid
+ * @throws \Exception in general if storage got problem with plenty of concrete exceptions
+ * @throws \Exception if the root storage could not be initializedBut I think those task aren't fit into this pull request.? |
|
Thanks for your feedback 👍 Some context why we ship a ca-bundle copy: #32963 Documentation for
I don't have an opinion here.
It's possible to import certificates with server/lib/private/Security/CertificateManager.php Lines 246 to 248 in f95aa23 I believe this block is mostly relevant for an update situation. server/lib/private/Security/CertificateManager.php Lines 241 to 252 in f95aa23 You are right, this looks weird.
True. #2910 (comment) sounds unusual.
Yes. Should be done in another one. |
|
@kesselb So it is like it now is. An Error 😄 The CI pipeline errors are not mine:
So there are following tasks left:
I think the idea was to regenerate certificate bundle if it is missing. But is it nonsense since the Will open new Issue with that.
I think we should at least backport an deprecated warning. So user will be informed if they use this API. Any suggestions?
|
|
@kesselb I forgot to sign all my commits. They are not verified in github. Should I sign them with rebase and use force push to correct it? |
Go ahead if you want to sign them but it's not necessary for us. |
|
Hi, please rebase onto master to pull the latest changes to fix some CI failures. |
Messj1
force-pushed
the
bugfix/type-error-cert-manager-cache-path
branch
from
1bdd8d9 to
f2269a0
Compare
|
@pserwylo What went wrong on performance testing? https://github.com/nextcloud/server/actions/runs/3644023086/jobs/6158316871 If works local on my computer without warnings and error if I try to reproduce the error. 😒 |
|
@Messj1 Performance testing is not a required check yet. It's fine to ignore it for now. |
|
/rebase |
Messj1
force-pushed
the
bugfix/type-error-cert-manager-cache-path
branch
from
f2269a0 to
32603da
Compare
With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the CertificateManager was throwing an Error. This commit improves the handling in CertificateManager and log unexpected behaviors. Signed-off-by: Jan Messer <[email protected]>
…ndler (only exceptions are catch) Signed-off-by: Jan Messer <[email protected]>
Messj1
force-pushed
the
bugfix/type-error-cert-manager-cache-path
branch
from
32603da to
647c65a
Compare
|
rebased and solved merge conflict. |
skjnldsv
changed the title
|
Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22 |
|
/backport to stable26 |
|
Just wanted to report that I am still hitting an error while upgrading from 26.0.0 to 26.0.1: Applying the workaround from #33487 (comment) fixed allowed the update to complete. edit: I guess that is exxpected until #38091 finally gets merged. 😅 |
|
Just to follow up: The 26.0.1 -> 26.0.2 update was the first one since 24.0.5 to complete successfully without the need for any workarounds/hacks. Thanks to everybody contributing to fixing this. |
close #33487
With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the
CertificateManagerwas throwing an Error. (handled in bffa67c)This commit improves the handling in
CertificateManagerand log unexpected behaviors.this issue is releated to #31605 so it should also be backported to Nextcloud v22