Closed LMRW closed 2 months ago
Note: If this is expected behaviour (i.e. 24.04.5.1.1 requires different/additional arguments to allow self signed certs) I could not find the documentation for this, but it would be useful for the nextcloud/richdocuments to update to maintain compatibility. If however it is confirmed to be unexpected bug within 24.04.5.1.1 , I will close issue https://github.com/nextcloud/richdocuments/issues/3824
How can I help get a fix for this through? Happy to help
The options verify that richdocuments sets is only for verifying the Collabora certificate on the Nextcloud side. For Collabora verifying the Nextcloud certificate the relevant setting should be ssl.ssl_verification in coolwsd.xml. You probably need to adjust that, but I cannot tell why that might have changed in those Collabora versions.
Very useful information thank you
If need be, can nextcloud tell Collabora to not perform this check?
You also have given me a clue, so now maybe this weekend I can try modifying my docker container to get the latest version to work by adjusting ssl.ssl_verififcation.
I'll read up on what enviorment variables are possible and/or modify my built coolwsd.xml
The advice from @juliushaertl is correct, in case of a Docker container, the parameter for this is -e "extra_params=--o:ssl.ssl_verification=false"
. The separate config was added in connection to the following CVE: https://github.com/CollaboraOnline/online/security/advisories/GHSA-crg3-fjm2-xvpq
Great advice thank you
Can I ask where this was documented? As a user, it was working fine. Then it stopped. I didn't really have any indication why.
Describe the Bug
Please see related issue for nextcloud/richdocuments here: https://github.com/nextcloud/richdocuments/issues/3824
The issue is when nextcloud/richdocuments specifies
$options['verify'] = false
, CollaboraOnline/online ignores this request and still complains about a self signed certificate.Steps to Reproduce
Expected Behavior
CollaboraOnline/online should respect
$options['verify'] = false
request from nextcloud/richdocuments, and allow a self signed certificateActual Behavior
Even when verify=false is sent to CODE server, it still does now allow self signed certificates.
Additional Context
THIS HAS BEEN TESTED AS BELOW:
BUG PRESENT IN DOCKER IMAGE collabora/code:24.04.4.2.1: NO BUG PRESENT IN DOCKER IMAGE collabora/collabora/code:24.04.5.1.1: YES
This means this bug is new and only recently introduced in version 24.04.5.1.1.
As such for the time being I have downgraded.