Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.4
    • Fix Version/s: 2.4
    • Component/s: Administration
    • Labels:
    • Testing Instructions:
      Hide

      Testing difficulty: TRIVIAL

      1. Log in as admin
      2. At the Notifications page, click "Check for available updates".
      3. TEST: Make sure no error appears and the response reads "Last check done on ... (now)"

      Show
      Testing difficulty: TRIVIAL 1. Log in as admin 2. At the Notifications page, click "Check for available updates". 3. TEST: Make sure no error appears and the response reads "Last check done on ... (now)"
    • Affected Branches:
      MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-36720-updates-via-https

      Description

      Now when MDLSITE-1992 we can finally switch the default available updates provider to https://download.moodle.org/

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            mudrd8mz David Mudrak added a comment -

            The following changes since commit 2d7c5eeeea6287aeb5296937265b59b8d3c42403:
             
              on demand release 2.4beta+ (2012-11-16 16:27:08 +0800)
             
            are available in the git repository at:
              git://github.com/mudrd8mz/moodle.git MDL-36720-updates-via-https
             
            David Mudrák (1):
                  MDL-36720 Fetch available updates info via HTTPS
             
             lib/pluginlib.php |    2 +-
             1 files changed, 1 insertions(+), 1 deletions(-)

            Show
            mudrd8mz David Mudrak added a comment - The following changes since commit 2d7c5eeeea6287aeb5296937265b59b8d3c42403:   on demand release 2.4beta+ (2012-11-16 16:27:08 +0800)   are available in the git repository at: git://github.com/mudrd8mz/moodle.git MDL-36720-updates-via-https   David Mudrák (1): MDL-36720 Fetch available updates info via HTTPS   lib/pluginlib.php | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
            Hide
            poltawski Dan Poltawski added a comment -

            Integrated, thanks David

            Show
            poltawski Dan Poltawski added a comment - Integrated, thanks David
            Hide
            poltawski Dan Poltawski added a comment -

            Well, it works, but I am not sure if the curl class is properly verifying certicate. To test, I edited my /etc/hosts to set download.moodle.org to my machine, and used fake.php on my machine.

            I get:
            core_plugin/err_response_empty
            I did a:

            print_object($curl);

            and got:

            curl Object
            (
                [cache] => 
                [proxy] => 
                [version] => 0.4 dev
                [response] => Array
                    (
                        [HTTP/1.1] => Array
                            (
                                [0] => 100 Continue
                                [1] => 200 OK
                            )
             
                        [Date] => Wed, 21 Nov 2012 06:01:58 GMT
                        [Server] => Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r PHP/5.3.16
                        [X-Powered-By] => PHP/5.3.16
                        [Content-Length] => 1113
                        [Keep-Alive] => timeout=5, max=100
                        [Connection] => Keep-Alive
                        [Content-Type] => application/json
                    )
             
                [header] => Array
                    (
                        [0] => User-Agent: MoodleBot/1.0
                        [1] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
                        [2] => Connection: keep-alive
                    )
             
                [info] => Array
                    (
                        [url] => https://download.moodle.org/api/1.1/updates.php
                        [content_type] => application/json
                        [http_code] => 200
                        [header_size] => 288
                        [request_size] => 338
                        [filetime] => -1
                        [ssl_verify_result] => 1
                        [redirect_count] => 0
                        [total_time] => 0.022941
                        [namelookup_time] => 0.000689
                        [connect_time] => 0.000828
                        [pretransfer_time] => 0.019063
                        [size_upload] => 695
                        [size_download] => 1113
                        [speed_download] => 48515
                        [speed_upload] => 30295
                        [download_content_length] => 1113
                        [upload_content_length] => 695
                        [starttransfer_time] => 0.020155
                        [redirect_time] => 0
                        [certinfo] => Array
                            (
                            )
             
                        [redirect_url] => 
                    )
             
                [error] => SSL: certificate subject name 'dan.moodle.local' does not match target host name 'download.moodle.org'
                [errno] => 0
                [options:curl:private] => Array
                    (
                        [CURLOPT_USERAGENT] => MoodleBot/1.0
                        [CURLOPT_HEADER] => 0
                        [CURLOPT_NOBODY] => 0
                        [CURLOPT_MAXREDIRS] => 10
                        [CURLOPT_ENCODING] => 
                        [CURLOPT_RETURNTRANSFER] => 1
                        [CURLOPT_BINARYTRANSFER] => 0
                        [CURLOPT_SSL_VERIFYPEER] => 0
                        [CURLOPT_SSL_VERIFYHOST] => 2
                        [CURLOPT_CONNECTTIMEOUT] => 30
                        [CURLOPT_POST] => 1
                        [CURLOPT_POSTFIELDS] => Array
                            (
                                [format] => json
                                [ticket] => JUM5JTkxOSVGNiUzQiVENyU3Ri4lQjMlOUMlOEYlODIlRTI2JTEzJUUxJTE5JUNEJUNGJUZFJTAwZCVDMSslN0IlQkYlRkElMTlrJUFGeCUwRSVEQkYlMUIlODUlN0IlOEMlODlM
                                [version] => 2012112100
                                [branch] => 2.4
                                [plugins] => auth_mdk@2012080300
                            )
             
                        [CURLOPT_URL] => https://download.moodle.org/api/1.1/updates.php
                    )
             
                [proxy_host:curl:private] => 
                [proxy_auth:curl:private] => 
                [proxy_type:curl:private] => 
                [debug:curl:private] => 
                [cookie:curl:private] => 
                [count] => 11
            )

            Show
            poltawski Dan Poltawski added a comment - Well, it works, but I am not sure if the curl class is properly verifying certicate. To test, I edited my /etc/hosts to set download.moodle.org to my machine, and used fake.php on my machine. I get: core_plugin/err_response_empty I did a: print_object($curl); and got: curl Object ( [cache] => [proxy] => [version] => 0.4 dev [response] => Array ( [HTTP/1.1] => Array ( [0] => 100 Continue [1] => 200 OK )   [Date] => Wed, 21 Nov 2012 06:01:58 GMT [Server] => Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r PHP/5.3.16 [X-Powered-By] => PHP/5.3.16 [Content-Length] => 1113 [Keep-Alive] => timeout=5, max=100 [Connection] => Keep-Alive [Content-Type] => application/json )   [header] => Array ( [0] => User-Agent: MoodleBot/1.0 [1] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 [2] => Connection: keep-alive )   [info] => Array ( [url] => https://download.moodle.org/api/1.1/updates.php [content_type] => application/json [http_code] => 200 [header_size] => 288 [request_size] => 338 [filetime] => -1 [ssl_verify_result] => 1 [redirect_count] => 0 [total_time] => 0.022941 [namelookup_time] => 0.000689 [connect_time] => 0.000828 [pretransfer_time] => 0.019063 [size_upload] => 695 [size_download] => 1113 [speed_download] => 48515 [speed_upload] => 30295 [download_content_length] => 1113 [upload_content_length] => 695 [starttransfer_time] => 0.020155 [redirect_time] => 0 [certinfo] => Array ( )   [redirect_url] => )   [error] => SSL: certificate subject name 'dan.moodle.local' does not match target host name 'download.moodle.org' [errno] => 0 [options:curl:private] => Array ( [CURLOPT_USERAGENT] => MoodleBot/1.0 [CURLOPT_HEADER] => 0 [CURLOPT_NOBODY] => 0 [CURLOPT_MAXREDIRS] => 10 [CURLOPT_ENCODING] => [CURLOPT_RETURNTRANSFER] => 1 [CURLOPT_BINARYTRANSFER] => 0 [CURLOPT_SSL_VERIFYPEER] => 0 [CURLOPT_SSL_VERIFYHOST] => 2 [CURLOPT_CONNECTTIMEOUT] => 30 [CURLOPT_POST] => 1 [CURLOPT_POSTFIELDS] => Array ( [format] => json [ticket] => JUM5JTkxOSVGNiUzQiVENyU3Ri4lQjMlOUMlOEYlODIlRTI2JTEzJUUxJTE5JUNEJUNGJUZFJTAwZCVDMSslN0IlQkYlRkElMTlrJUFGeCUwRSVEQkYlMUIlODUlN0IlOEMlODlM [version] => 2012112100 [branch] => 2.4 [plugins] => auth_mdk@2012080300 )   [CURLOPT_URL] => https://download.moodle.org/api/1.1/updates.php )   [proxy_host:curl:private] => [proxy_auth:curl:private] => [proxy_type:curl:private] => [debug:curl:private] => [cookie:curl:private] => [count] => 11 )
            Hide
            poltawski Dan Poltawski added a comment -

            Ah, actually I changed the url to http, and it gets the right response. So I guess its doing the cert checking, just not responding quite right.

            Show
            poltawski Dan Poltawski added a comment - Ah, actually I changed the url to http, and it gets the right response. So I guess its doing the cert checking, just not responding quite right.
            Hide
            mudrd8mz David Mudrak added a comment -

            Hmm. Dan, can you please try the following patch and try the same trick with /etc/hosts and leave the default provider set to download.moodle.org.

            diff --git a/lib/pluginlib.php b/lib/pluginlib.php
            index 7383d7b..939703f 100644
            --- a/lib/pluginlib.php
            +++ b/lib/pluginlib.php
            @@ -828,9 +828,13 @@ class available_update_checker {
                     $curl = new curl(array('proxy' => true));
                     $response = $curl->post($this->prepare_request_url(), $this->prepare_request_params());
                     $curlinfo = $curl->get_info();
            +        $curlerrno = $curl->get_errno();
                     if ($curlinfo['http_code'] != 200) {
                         throw new available_update_checker_exception('err_response_http_code', $curlinfo['http_code']);
                     }
            +        if (!empty($curlerrno)) {
            +            throw new available_update_checker_exception('err_response_curl_error', $curlerrno);
            +        }
                     return $response;
                 }

            Show
            mudrd8mz David Mudrak added a comment - Hmm. Dan, can you please try the following patch and try the same trick with /etc/hosts and leave the default provider set to download.moodle.org. diff --git a/lib/pluginlib.php b/lib/pluginlib.php index 7383d7b..939703f 100644 --- a/lib/pluginlib.php +++ b/lib/pluginlib.php @@ -828,9 +828,13 @@ class available_update_checker { $curl = new curl(array('proxy' => true)); $response = $curl->post($this->prepare_request_url(), $this->prepare_request_params()); $curlinfo = $curl->get_info(); + $curlerrno = $curl->get_errno(); if ($curlinfo['http_code'] != 200) { throw new available_update_checker_exception('err_response_http_code', $curlinfo['http_code']); } + if (!empty($curlerrno)) { + throw new available_update_checker_exception('err_response_curl_error', $curlerrno); + } return $response; }
            Hide
            poltawski Dan Poltawski added a comment -

            Hi David,

            That doesn't change anything (which I would expect as errno is 0 in the above print_object).

            Show
            poltawski Dan Poltawski added a comment - Hi David, That doesn't change anything (which I would expect as errno is 0 in the above print_object).
            Hide
            mudrd8mz David Mudrak added a comment -

            Eh, so it does not throw the exception? So how are we able to detect that cURL's certificate validation failed?

            Show
            mudrd8mz David Mudrak added a comment - Eh, so it does not throw the exception? So how are we able to detect that cURL's certificate validation failed?
            Hide
            poltawski Dan Poltawski added a comment -

            It doesn't, but its also not returning the content, so we are safe for the moment.

            Show
            poltawski Dan Poltawski added a comment - It doesn't, but its also not returning the content, so we are safe for the moment.
            Hide
            poltawski Dan Poltawski added a comment -

            Congratulations! Another bug solved.. only another 7330 to go, thanks for contributing to contributing to 0.8% of all bugs being fixed this week!

            ciao
            Dan

            Show
            poltawski Dan Poltawski added a comment - Congratulations! Another bug solved.. only another 7330 to go, thanks for contributing to contributing to 0.8% of all bugs being fixed this week! ciao Dan

              People

              • Assignee:
                mudrd8mz David Mudrak
                Reporter:
                mudrd8mz David Mudrak
                Integrator:
                Dan Poltawski
                Tester:
                Dan Poltawski
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  3/Dec/12