From 5bb903d9ef69b6e6a5cd6ef23758cd868c49c78b Mon Sep 17 00:00:00 2001
From: Matthieu Gallien <matthieu.gallien@nextcloud.com>
Date: Thu, 7 Dec 2023 10:00:23 +0100
Subject: [PATCH] block upload of new end-to-end encrypted files with invalid
 certificate

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
---
 src/libsync/discovery.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libsync/discovery.cpp b/src/libsync/discovery.cpp
index 0cca045d63643..0da88e3bedde5 100644
--- a/src/libsync/discovery.cpp
+++ b/src/libsync/discovery.cpp
@@ -1017,6 +1017,12 @@ void ProcessDirectoryJob::processFileAnalyzeLocalInfo(
             item->_status = SyncFileItem::Status::NormalError;
         }
 
+        if (item->_direction == SyncFileItem::Up && item->isEncrypted() && (item->_instruction == CSYNC_INSTRUCTION_NEW || item->_instruction == CSYNC_INSTRUCTION_SYNC)) {
+            item->_instruction = CSYNC_INSTRUCTION_ERROR;
+            item->_errorString = tr("Cannot upload new encrypted file because the selected certificate is not valid.");
+            item->_status = SyncFileItem::Status::NormalError;
+        }
+
         auto recurseQueryLocal = _queryLocal == ParentNotChanged ? ParentNotChanged : localEntry.isDirectory || item->_instruction == CSYNC_INSTRUCTION_RENAME ? NormalQuery : ParentDontExist;
         processFileFinalize(item, path, recurse, recurseQueryLocal, recurseQueryServer);
     };