Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.4
    • Fix Version/s: 2.4
    • Component/s: Administration
    • Labels:
    • Testing Instructions:
      Hide

      Testing difficulty: TRIVIAL

      1. Log in as admin
      2. At the Notifications page, click "Check for available updates".
      3. TEST: Make sure no error appears and the response reads "Last check done on ... (now)"

      Show
      Testing difficulty: TRIVIAL 1. Log in as admin 2. At the Notifications page, click "Check for available updates". 3. TEST: Make sure no error appears and the response reads "Last check done on ... (now)"
    • Affected Branches:
      MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-36720-updates-via-https
    • Rank:
      46225

      Description

      Now when MDLSITE-1992 we can finally switch the default available updates provider to https://download.moodle.org/

        Issue Links

          Activity

          Hide
          David Mudrak added a comment -
          The following changes since commit 2d7c5eeeea6287aeb5296937265b59b8d3c42403:
          
            on demand release 2.4beta+ (2012-11-16 16:27:08 +0800)
          
          are available in the git repository at:
            git://github.com/mudrd8mz/moodle.git MDL-36720-updates-via-https
          
          David Mudrák (1):
                MDL-36720 Fetch available updates info via HTTPS
          
           lib/pluginlib.php |    2 +-
           1 files changed, 1 insertions(+), 1 deletions(-)
          
          Show
          David Mudrak added a comment - The following changes since commit 2d7c5eeeea6287aeb5296937265b59b8d3c42403: on demand release 2.4beta+ (2012-11-16 16:27:08 +0800) are available in the git repository at: git: //github.com/mudrd8mz/moodle.git MDL-36720-updates-via-https David Mudrák (1): MDL-36720 Fetch available updates info via HTTPS lib/pluginlib.php | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
          Hide
          Dan Poltawski added a comment -

          Integrated, thanks David

          Show
          Dan Poltawski added a comment - Integrated, thanks David
          Hide
          Dan Poltawski added a comment -

          Well, it works, but I am not sure if the curl class is properly verifying certicate. To test, I edited my /etc/hosts to set download.moodle.org to my machine, and used fake.php on my machine.

          I get:
          core_plugin/err_response_empty
          I did a:

          print_object($curl);
          

          and got:

          curl Object
          (
              [cache] => 
              [proxy] => 
              [version] => 0.4 dev
              [response] => Array
                  (
                      [HTTP/1.1] => Array
                          (
                              [0] => 100 Continue
                              [1] => 200 OK
                          )
          
                      [Date] => Wed, 21 Nov 2012 06:01:58 GMT
                      [Server] => Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r PHP/5.3.16
                      [X-Powered-By] => PHP/5.3.16
                      [Content-Length] => 1113
                      [Keep-Alive] => timeout=5, max=100
                      [Connection] => Keep-Alive
                      [Content-Type] => application/json
                  )
          
              [header] => Array
                  (
                      [0] => User-Agent: MoodleBot/1.0
                      [1] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
                      [2] => Connection: keep-alive
                  )
          
              [info] => Array
                  (
                      [url] => https://download.moodle.org/api/1.1/updates.php
                      [content_type] => application/json
                      [http_code] => 200
                      [header_size] => 288
                      [request_size] => 338
                      [filetime] => -1
                      [ssl_verify_result] => 1
                      [redirect_count] => 0
                      [total_time] => 0.022941
                      [namelookup_time] => 0.000689
                      [connect_time] => 0.000828
                      [pretransfer_time] => 0.019063
                      [size_upload] => 695
                      [size_download] => 1113
                      [speed_download] => 48515
                      [speed_upload] => 30295
                      [download_content_length] => 1113
                      [upload_content_length] => 695
                      [starttransfer_time] => 0.020155
                      [redirect_time] => 0
                      [certinfo] => Array
                          (
                          )
          
                      [redirect_url] => 
                  )
          
              [error] => SSL: certificate subject name 'dan.moodle.local' does not match target host name 'download.moodle.org'
              [errno] => 0
              [options:curl:private] => Array
                  (
                      [CURLOPT_USERAGENT] => MoodleBot/1.0
                      [CURLOPT_HEADER] => 0
                      [CURLOPT_NOBODY] => 0
                      [CURLOPT_MAXREDIRS] => 10
                      [CURLOPT_ENCODING] => 
                      [CURLOPT_RETURNTRANSFER] => 1
                      [CURLOPT_BINARYTRANSFER] => 0
                      [CURLOPT_SSL_VERIFYPEER] => 0
                      [CURLOPT_SSL_VERIFYHOST] => 2
                      [CURLOPT_CONNECTTIMEOUT] => 30
                      [CURLOPT_POST] => 1
                      [CURLOPT_POSTFIELDS] => Array
                          (
                              [format] => json
                              [ticket] => JUM5JTkxOSVGNiUzQiVENyU3Ri4lQjMlOUMlOEYlODIlRTI2JTEzJUUxJTE5JUNEJUNGJUZFJTAwZCVDMSslN0IlQkYlRkElMTlrJUFGeCUwRSVEQkYlMUIlODUlN0IlOEMlODlM
                              [version] => 2012112100
                              [branch] => 2.4
                              [plugins] => auth_mdk@2012080300
                          )
          
                      [CURLOPT_URL] => https://download.moodle.org/api/1.1/updates.php
                  )
          
              [proxy_host:curl:private] => 
              [proxy_auth:curl:private] => 
              [proxy_type:curl:private] => 
              [debug:curl:private] => 
              [cookie:curl:private] => 
              [count] => 11
          )
          
          Show
          Dan Poltawski added a comment - Well, it works, but I am not sure if the curl class is properly verifying certicate. To test, I edited my /etc/hosts to set download.moodle.org to my machine, and used fake.php on my machine. I get: core_plugin/err_response_empty I did a: print_object($curl); and got: curl Object ( [cache] => [proxy] => [version] => 0.4 dev [response] => Array ( [HTTP/1.1] => Array ( [0] => 100 Continue [1] => 200 OK ) [Date] => Wed, 21 Nov 2012 06:01:58 GMT [Server] => Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r PHP/5.3.16 [X-Powered-By] => PHP/5.3.16 [Content-Length] => 1113 [Keep-Alive] => timeout=5, max=100 [Connection] => Keep-Alive [Content-Type] => application/json ) [header] => Array ( [0] => User-Agent: MoodleBot/1.0 [1] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 [2] => Connection: keep-alive ) [info] => Array ( [url] => https: //download.moodle.org/api/1.1/updates.php [content_type] => application/json [http_code] => 200 [header_size] => 288 [request_size] => 338 [filetime] => -1 [ssl_verify_result] => 1 [redirect_count] => 0 [total_time] => 0.022941 [namelookup_time] => 0.000689 [connect_time] => 0.000828 [pretransfer_time] => 0.019063 [size_upload] => 695 [size_download] => 1113 [speed_download] => 48515 [speed_upload] => 30295 [download_content_length] => 1113 [upload_content_length] => 695 [starttransfer_time] => 0.020155 [redirect_time] => 0 [certinfo] => Array ( ) [redirect_url] => ) [error] => SSL: certificate subject name 'dan.moodle.local' does not match target host name 'download.moodle.org' [errno] => 0 [options:curl: private ] => Array ( [CURLOPT_USERAGENT] => MoodleBot/1.0 [CURLOPT_HEADER] => 0 [CURLOPT_NOBODY] => 0 [CURLOPT_MAXREDIRS] => 10 [CURLOPT_ENCODING] => [CURLOPT_RETURNTRANSFER] => 1 [CURLOPT_BINARYTRANSFER] => 0 [CURLOPT_SSL_VERIFYPEER] => 0 [CURLOPT_SSL_VERIFYHOST] => 2 [CURLOPT_CONNECTTIMEOUT] => 30 [CURLOPT_POST] => 1 [CURLOPT_POSTFIELDS] => Array ( [format] => json [ticket] => JUM5JTkxOSVGNiUzQiVENyU3Ri4lQjMlOUMlOEYlODIlRTI2JTEzJUUxJTE5JUNEJUNGJUZFJTAwZCVDMSslN0IlQkYlRkElMTlrJUFGeCUwRSVEQkYlMUIlODUlN0IlOEMlODlM [version] => 2012112100 [branch] => 2.4 [plugins] => auth_mdk@2012080300 ) [CURLOPT_URL] => https: //download.moodle.org/api/1.1/updates.php ) [proxy_host:curl: private ] => [proxy_auth:curl: private ] => [proxy_type:curl: private ] => [debug:curl: private ] => [cookie:curl: private ] => [count] => 11 )
          Hide
          Dan Poltawski added a comment -

          Ah, actually I changed the url to http, and it gets the right response. So I guess its doing the cert checking, just not responding quite right.

          Show
          Dan Poltawski added a comment - Ah, actually I changed the url to http, and it gets the right response. So I guess its doing the cert checking, just not responding quite right.
          Hide
          David Mudrak added a comment -

          Hmm. Dan, can you please try the following patch and try the same trick with /etc/hosts and leave the default provider set to download.moodle.org.

          diff --git a/lib/pluginlib.php b/lib/pluginlib.php
          index 7383d7b..939703f 100644
          --- a/lib/pluginlib.php
          +++ b/lib/pluginlib.php
          @@ -828,9 +828,13 @@ class available_update_checker {
                   $curl = new curl(array('proxy' => true));
                   $response = $curl->post($this->prepare_request_url(), $this->prepare_request_params());
                   $curlinfo = $curl->get_info();
          +        $curlerrno = $curl->get_errno();
                   if ($curlinfo['http_code'] != 200) {
                       throw new available_update_checker_exception('err_response_http_code', $curlinfo['http_code']);
                   }
          +        if (!empty($curlerrno)) {
          +            throw new available_update_checker_exception('err_response_curl_error', $curlerrno);
          +        }
                   return $response;
               }
          
          Show
          David Mudrak added a comment - Hmm. Dan, can you please try the following patch and try the same trick with /etc/hosts and leave the default provider set to download.moodle.org. diff --git a/lib/pluginlib.php b/lib/pluginlib.php index 7383d7b..939703f 100644 --- a/lib/pluginlib.php +++ b/lib/pluginlib.php @@ -828,9 +828,13 @@ class available_update_checker { $curl = new curl(array('proxy' => true )); $response = $curl->post($ this ->prepare_request_url(), $ this ->prepare_request_params()); $curlinfo = $curl->get_info(); + $curlerrno = $curl->get_errno(); if ($curlinfo['http_code'] != 200) { throw new available_update_checker_exception('err_response_http_code', $curlinfo['http_code']); } + if (!empty($curlerrno)) { + throw new available_update_checker_exception('err_response_curl_error', $curlerrno); + } return $response; }
          Hide
          Dan Poltawski added a comment -

          Hi David,

          That doesn't change anything (which I would expect as errno is 0 in the above print_object).

          Show
          Dan Poltawski added a comment - Hi David, That doesn't change anything (which I would expect as errno is 0 in the above print_object).
          Hide
          David Mudrak added a comment -

          Eh, so it does not throw the exception? So how are we able to detect that cURL's certificate validation failed?

          Show
          David Mudrak added a comment - Eh, so it does not throw the exception? So how are we able to detect that cURL's certificate validation failed?
          Hide
          Dan Poltawski added a comment -

          It doesn't, but its also not returning the content, so we are safe for the moment.

          Show
          Dan Poltawski added a comment - It doesn't, but its also not returning the content, so we are safe for the moment.
          Hide
          Dan Poltawski added a comment -

          Congratulations! Another bug solved.. only another 7330 to go, thanks for contributing to contributing to 0.8% of all bugs being fixed this week!

          ciao
          Dan

          Show
          Dan Poltawski added a comment - Congratulations! Another bug solved.. only another 7330 to go, thanks for contributing to contributing to 0.8% of all bugs being fixed this week! ciao Dan

            People

            • Assignee:
              David Mudrak
              Reporter:
              David Mudrak
              Integrator:
              Dan Poltawski
              Tester:
              Dan Poltawski
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: