From 18b0d753f2d76da10fefbf9a34e22dfdcbdc93b0 Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Mon, 25 May 2020 15:03:52 +0200
Subject: [PATCH] Do not read certificate bundle from data dir by default

Before the resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.

This is inverting the logic to stop if the instance is not installed to use the
default bundle. And it also does this when the list is empty.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 lib/private/Http/Client/Client.php   | 14 +++++++-------
 tests/lib/Http/Client/ClientTest.php |  5 ++---
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php
index af43df6365f..58234d16535 100644
--- a/lib/private/Http/Client/Client.php
+++ b/lib/private/Http/Client/Client.php
@@ -97,18 +97,18 @@ class Client implements IClient {
 	}
 
 	private function getCertBundle(): string {
-		if ($this->certificateManager->listCertificates() !== []) {
-			return $this->certificateManager->getAbsoluteBundlePath();
-		}
-
 		// If the instance is not yet setup we need to use the static path as
 		// $this->certificateManager->getAbsoluteBundlePath() tries to instantiiate
 		// a view
-		if ($this->config->getSystemValue('installed', false)) {
-			return $this->certificateManager->getAbsoluteBundlePath(null);
+		if ($this->config->getSystemValue('installed', false) === false) {
+			return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
 		}
 
-		return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+		if ($this->certificateManager->listCertificates() === []) {
+			return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
+		}
+
+		return $this->certificateManager->getAbsoluteBundlePath();
 	}
 
 	/**
diff --git a/tests/lib/Http/Client/ClientTest.php b/tests/lib/Http/Client/ClientTest.php
index a0c4d75c1bd..a462a0848ae 100644
--- a/tests/lib/Http/Client/ClientTest.php
+++ b/tests/lib/Http/Client/ClientTest.php
@@ -461,9 +461,8 @@ class ClientTest extends \Test\TestCase {
 			->with('installed', false)
 			->willReturn(false);
 		$this->certificateManager
-			->expects($this->once())
-			->method('listCertificates')
-			->willReturn([]);
+			->expects($this->never())
+			->method('listCertificates');
 
 		$this->assertEquals([
 			'verify' => \OC::$SERVERROOT . '/resources/config/ca-bundle.crt',