Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.4
    • Fix Version/s: 2.4
    • Component/s: Administration
    • Labels:
    • Testing Instructions:
      Hide

      Testing difficulty: TRIVIAL

      1. Log in as admin
      2. At the Notifications page, click "Check for available updates".
      3. TEST: Make sure no error appears and the response reads "Last check done on ... (now)"

      Show
      Testing difficulty: TRIVIAL 1. Log in as admin 2. At the Notifications page, click "Check for available updates". 3. TEST: Make sure no error appears and the response reads "Last check done on ... (now)"
    • Affected Branches:
      MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_24_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-36720-updates-via-https

      Description

      Now when MDLSITE-1992 we can finally switch the default available updates provider to https://download.moodle.org/

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

              Hide
              mudrd8mz David Mudrák added a comment -

              The following changes since commit 2d7c5eeeea6287aeb5296937265b59b8d3c42403:
               
                on demand release 2.4beta+ (2012-11-16 16:27:08 +0800)
               
              are available in the git repository at:
                git://github.com/mudrd8mz/moodle.git MDL-36720-updates-via-https
               
              David Mudrák (1):
                    MDL-36720 Fetch available updates info via HTTPS
               
               lib/pluginlib.php |    2 +-
               1 files changed, 1 insertions(+), 1 deletions(-)

              Show
              mudrd8mz David Mudrák added a comment - The following changes since commit 2d7c5eeeea6287aeb5296937265b59b8d3c42403:   on demand release 2.4beta+ (2012-11-16 16:27:08 +0800)   are available in the git repository at: git://github.com/mudrd8mz/moodle.git MDL-36720-updates-via-https   David Mudrák (1): MDL-36720 Fetch available updates info via HTTPS   lib/pluginlib.php | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
              Hide
              poltawski Dan Poltawski added a comment -

              Integrated, thanks David

              Show
              poltawski Dan Poltawski added a comment - Integrated, thanks David
              Hide
              poltawski Dan Poltawski added a comment -

              Well, it works, but I am not sure if the curl class is properly verifying certicate. To test, I edited my /etc/hosts to set download.moodle.org to my machine, and used fake.php on my machine.

              I get:
              core_plugin/err_response_empty
              I did a:

              print_object($curl);

              and got:

              curl Object
              (
                  [cache] => 
                  [proxy] => 
                  [version] => 0.4 dev
                  [response] => Array
                      (
                          [HTTP/1.1] => Array
                              (
                                  [0] => 100 Continue
                                  [1] => 200 OK
                              )
               
                          [Date] => Wed, 21 Nov 2012 06:01:58 GMT
                          [Server] => Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r PHP/5.3.16
                          [X-Powered-By] => PHP/5.3.16
                          [Content-Length] => 1113
                          [Keep-Alive] => timeout=5, max=100
                          [Connection] => Keep-Alive
                          [Content-Type] => application/json
                      )
               
                  [header] => Array
                      (
                          [0] => User-Agent: MoodleBot/1.0
                          [1] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
                          [2] => Connection: keep-alive
                      )
               
                  [info] => Array
                      (
                          [url] => https://download.moodle.org/api/1.1/updates.php
                          [content_type] => application/json
                          [http_code] => 200
                          [header_size] => 288
                          [request_size] => 338
                          [filetime] => -1
                          [ssl_verify_result] => 1
                          [redirect_count] => 0
                          [total_time] => 0.022941
                          [namelookup_time] => 0.000689
                          [connect_time] => 0.000828
                          [pretransfer_time] => 0.019063
                          [size_upload] => 695
                          [size_download] => 1113
                          [speed_download] => 48515
                          [speed_upload] => 30295
                          [download_content_length] => 1113
                          [upload_content_length] => 695
                          [starttransfer_time] => 0.020155
                          [redirect_time] => 0
                          [certinfo] => Array
                              (
                              )
               
                          [redirect_url] => 
                      )
               
                  [error] => SSL: certificate subject name 'dan.moodle.local' does not match target host name 'download.moodle.org'
                  [errno] => 0
                  [options:curl:private] => Array
                      (
                          [CURLOPT_USERAGENT] => MoodleBot/1.0
                          [CURLOPT_HEADER] => 0
                          [CURLOPT_NOBODY] => 0
                          [CURLOPT_MAXREDIRS] => 10
                          [CURLOPT_ENCODING] => 
                          [CURLOPT_RETURNTRANSFER] => 1
                          [CURLOPT_BINARYTRANSFER] => 0
                          [CURLOPT_SSL_VERIFYPEER] => 0
                          [CURLOPT_SSL_VERIFYHOST] => 2
                          [CURLOPT_CONNECTTIMEOUT] => 30
                          [CURLOPT_POST] => 1
                          [CURLOPT_POSTFIELDS] => Array
                              (
                                  [format] => json
                                  [ticket] => JUM5JTkxOSVGNiUzQiVENyU3Ri4lQjMlOUMlOEYlODIlRTI2JTEzJUUxJTE5JUNEJUNGJUZFJTAwZCVDMSslN0IlQkYlRkElMTlrJUFGeCUwRSVEQkYlMUIlODUlN0IlOEMlODlM
                                  [version] => 2012112100
                                  [branch] => 2.4
                                  [plugins] => auth_mdk@2012080300
                              )
               
                          [CURLOPT_URL] => https://download.moodle.org/api/1.1/updates.php
                      )
               
                  [proxy_host:curl:private] => 
                  [proxy_auth:curl:private] => 
                  [proxy_type:curl:private] => 
                  [debug:curl:private] => 
                  [cookie:curl:private] => 
                  [count] => 11
              )

              Show
              poltawski Dan Poltawski added a comment - Well, it works, but I am not sure if the curl class is properly verifying certicate. To test, I edited my /etc/hosts to set download.moodle.org to my machine, and used fake.php on my machine. I get: core_plugin/err_response_empty I did a: print_object($curl); and got: curl Object ( [cache] => [proxy] => [version] => 0.4 dev [response] => Array ( [HTTP/1.1] => Array ( [0] => 100 Continue [1] => 200 OK )   [Date] => Wed, 21 Nov 2012 06:01:58 GMT [Server] => Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8r PHP/5.3.16 [X-Powered-By] => PHP/5.3.16 [Content-Length] => 1113 [Keep-Alive] => timeout=5, max=100 [Connection] => Keep-Alive [Content-Type] => application/json )   [header] => Array ( [0] => User-Agent: MoodleBot/1.0 [1] => Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 [2] => Connection: keep-alive )   [info] => Array ( [url] => https://download.moodle.org/api/1.1/updates.php [content_type] => application/json [http_code] => 200 [header_size] => 288 [request_size] => 338 [filetime] => -1 [ssl_verify_result] => 1 [redirect_count] => 0 [total_time] => 0.022941 [namelookup_time] => 0.000689 [connect_time] => 0.000828 [pretransfer_time] => 0.019063 [size_upload] => 695 [size_download] => 1113 [speed_download] => 48515 [speed_upload] => 30295 [download_content_length] => 1113 [upload_content_length] => 695 [starttransfer_time] => 0.020155 [redirect_time] => 0 [certinfo] => Array ( )   [redirect_url] => )   [error] => SSL: certificate subject name 'dan.moodle.local' does not match target host name 'download.moodle.org' [errno] => 0 [options:curl:private] => Array ( [CURLOPT_USERAGENT] => MoodleBot/1.0 [CURLOPT_HEADER] => 0 [CURLOPT_NOBODY] => 0 [CURLOPT_MAXREDIRS] => 10 [CURLOPT_ENCODING] => [CURLOPT_RETURNTRANSFER] => 1 [CURLOPT_BINARYTRANSFER] => 0 [CURLOPT_SSL_VERIFYPEER] => 0 [CURLOPT_SSL_VERIFYHOST] => 2 [CURLOPT_CONNECTTIMEOUT] => 30 [CURLOPT_POST] => 1 [CURLOPT_POSTFIELDS] => Array ( [format] => json [ticket] => JUM5JTkxOSVGNiUzQiVENyU3Ri4lQjMlOUMlOEYlODIlRTI2JTEzJUUxJTE5JUNEJUNGJUZFJTAwZCVDMSslN0IlQkYlRkElMTlrJUFGeCUwRSVEQkYlMUIlODUlN0IlOEMlODlM [version] => 2012112100 [branch] => 2.4 [plugins] => auth_mdk@2012080300 )   [CURLOPT_URL] => https://download.moodle.org/api/1.1/updates.php )   [proxy_host:curl:private] => [proxy_auth:curl:private] => [proxy_type:curl:private] => [debug:curl:private] => [cookie:curl:private] => [count] => 11 )
              Hide
              poltawski Dan Poltawski added a comment -

              Ah, actually I changed the url to http, and it gets the right response. So I guess its doing the cert checking, just not responding quite right.

              Show
              poltawski Dan Poltawski added a comment - Ah, actually I changed the url to http, and it gets the right response. So I guess its doing the cert checking, just not responding quite right.
              Hide
              mudrd8mz David Mudrák added a comment -

              Hmm. Dan, can you please try the following patch and try the same trick with /etc/hosts and leave the default provider set to download.moodle.org.

              diff --git a/lib/pluginlib.php b/lib/pluginlib.php
              index 7383d7b..939703f 100644
              --- a/lib/pluginlib.php
              +++ b/lib/pluginlib.php
              @@ -828,9 +828,13 @@ class available_update_checker {
                       $curl = new curl(array('proxy' => true));
                       $response = $curl->post($this->prepare_request_url(), $this->prepare_request_params());
                       $curlinfo = $curl->get_info();
              +        $curlerrno = $curl->get_errno();
                       if ($curlinfo['http_code'] != 200) {
                           throw new available_update_checker_exception('err_response_http_code', $curlinfo['http_code']);
                       }
              +        if (!empty($curlerrno)) {
              +            throw new available_update_checker_exception('err_response_curl_error', $curlerrno);
              +        }
                       return $response;
                   }

              Show
              mudrd8mz David Mudrák added a comment - Hmm. Dan, can you please try the following patch and try the same trick with /etc/hosts and leave the default provider set to download.moodle.org. diff --git a/lib/pluginlib.php b/lib/pluginlib.php index 7383d7b..939703f 100644 --- a/lib/pluginlib.php +++ b/lib/pluginlib.php @@ -828,9 +828,13 @@ class available_update_checker { $curl = new curl(array('proxy' => true)); $response = $curl->post($this->prepare_request_url(), $this->prepare_request_params()); $curlinfo = $curl->get_info(); + $curlerrno = $curl->get_errno(); if ($curlinfo['http_code'] != 200) { throw new available_update_checker_exception('err_response_http_code', $curlinfo['http_code']); } + if (!empty($curlerrno)) { + throw new available_update_checker_exception('err_response_curl_error', $curlerrno); + } return $response; }
              Hide
              poltawski Dan Poltawski added a comment -

              Hi David,

              That doesn't change anything (which I would expect as errno is 0 in the above print_object).

              Show
              poltawski Dan Poltawski added a comment - Hi David, That doesn't change anything (which I would expect as errno is 0 in the above print_object).
              Hide
              mudrd8mz David Mudrák added a comment -

              Eh, so it does not throw the exception? So how are we able to detect that cURL's certificate validation failed?

              Show
              mudrd8mz David Mudrák added a comment - Eh, so it does not throw the exception? So how are we able to detect that cURL's certificate validation failed?
              Hide
              poltawski Dan Poltawski added a comment -

              It doesn't, but its also not returning the content, so we are safe for the moment.

              Show
              poltawski Dan Poltawski added a comment - It doesn't, but its also not returning the content, so we are safe for the moment.
              Hide
              poltawski Dan Poltawski added a comment -

              Congratulations! Another bug solved.. only another 7330 to go, thanks for contributing to contributing to 0.8% of all bugs being fixed this week!

              ciao
              Dan

              Show
              poltawski Dan Poltawski added a comment - Congratulations! Another bug solved.. only another 7330 to go, thanks for contributing to contributing to 0.8% of all bugs being fixed this week! ciao Dan

                People

                • Assignee:
                  mudrd8mz David Mudrák
                  Reporter:
                  mudrd8mz David Mudrák
                  Integrator:
                  Dan Poltawski
                  Tester:
                  Dan Poltawski
                  Participants:
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    3/Dec/12