  1. Moodle
  2. MDL-56917

Environment checks for TLS can trigger a false positive


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.2
    • 3.2
    • Installation

    Description

      Having updated my dev env based on CentOS 7 PHP/7.0 w/ last updates, Moodle 3.2 tells me that I'm missing TLSv1.2 support which is not true.

      Try using the Dockerfile below, by issuing docker build .:

      FROM centos:7
       
      MAINTAINER Matteo Scaramuccia <moodle@matteoscaramuccia.com>
       
      # Prepare YUM, update the system and install prerequisites (even for debugging purposes).
      RUN    yum -y install deltarpm \
          && yum -y update \
          && yum -y install bash less sed
       
      # Install Epel's and Remi Collet's repos for CentOS 7.
      # Then install those latest PHP 7.0.x modules required by Moodle.
      RUN    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
          && yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
          && yum-config-manager --enable remi-php70 \
          && yum -y install php php-bcmath php-cli php-common php-gd \
                            php-intl php-json php-mbstring php-mysqlnd php-opcache \
                            php-pdo php-pear \
                            php-pecl-apcu php-pecl-solr2 php-pecl-zip php-pecl-xdebug \
                            php-process php-soap php-xml php-xmlrpc
       
      # Configure PHP timezone.
      RUN    echo "Setting PHP default timezone to 'Europe/Rome'..." \
          && /usr/bin/sed -i "s@^;date.timezone =\$@date.timezone = 'Europe/Rome'@g" /etc/php.ini
       
      # Test if we should remove curl version check (7.34+) from MDL-55404.
      # Note: heredoc not supported: https://github.com/docker/docker/issues/1554.
      RUN echo "<?php \
      echo 'CURL_SSLVERSION_TLSv1_2: ' . CURL_SSLVERSION_TLSv1_2; \
      echo \"\\n\"; \
      var_dump(curl_version()); \
      echo 'Test if TLS 1.2 is used by default e.g. using PayPal API (https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914):'; \
      \$ch = curl_init('https://tlstest.paypal.com/'); \
      curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true); \
      \$data = curl_exec(\$ch); \
      echo \"\\n\"; \
      echo 'Exec: ' . var_export(\$data, true); \
      echo \"\\n\"; \
      echo 'Errors: ' . var_export(curl_error(\$ch), true); \
      echo \"\\n\"; \
      " > /root/check_mdl-55404.php
      RUN    cat /etc/redhat-release \
          && echo \
          && php -v \
          && echo \
          && php -r 'phpinfo();' | grep -i curl \
          && echo \
          && curl -V \
          && echo \
          && php /root/check_mdl-55404.php
      

      You'll get all the env information and the PayPal TLS test will pass even if for the Moodle check this is "not expected":

      CentOS Linux release 7.2.1511 (Core)
       
      PHP 7.0.13 (cli) (built: Nov  8 2016 20:16:29) ( NTS )
      Copyright (c) 1997-2016 The PHP Group
      Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
          with Zend OPcache v7.0.13, Copyright (c) 1999-2016, by Zend Technologies
          with Xdebug v2.4.1, Copyright (c) 2002-2016, by Derick Rethans
       
      /etc/php.d/20-curl.ini,
      curl
      cURL support => enabled
      cURL Information => 7.29.0
       
      curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
      Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
      Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
       
      CURL_SSLVERSION_TLSv1_2: 6
      /root/check_mdl-55404.php:1:
      array(9) {
        'version_number' =>
        int(466176)
        'age' =>
        int(3)
        'features' =>
        int(34493)
        'ssl_version_number' =>
        int(0)
        'version' =>
        string(6) "7.29.0"
        'host' =>
        string(23) "x86_64-redhat-linux-gnu"
        'ssl_version' =>
        string(20) "NSS/3.19.1 Basic ECC"
        'libz_version' =>
        string(5) "1.2.7"
        'protocols' =>
        array(20) {
          [0] =>
          string(4) "dict"
          [1] =>
          string(4) "file"
          [2] =>
          string(3) "ftp"
          [3] =>
          string(4) "ftps"
          [4] =>
          string(6) "gopher"
          [5] =>
          string(4) "http"
          [6] =>
          string(5) "https"
          [7] =>
          string(4) "imap"
          [8] =>
          string(5) "imaps"
          [9] =>
          string(4) "ldap"
          [10] =>
          string(5) "ldaps"
          [11] =>
          string(4) "pop3"
          [12] =>
          string(5) "pop3s"
          [13] =>
          string(4) "rtsp"
          [14] =>
          string(3) "scp"
          [15] =>
          string(4) "sftp"
          [16] =>
          string(4) "smtp"
          [17] =>
          string(5) "smtps"
          [18] =>
          string(6) "telnet"
          [19] =>
          string(4) "tftp"
        }
      }
      Test if TLS 1.2 is used by default e.g. using PayPal API (https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914):
      Exec: 'PayPal_Connection_OK'
      Errors: ''
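
The false positive reported above, reduced to an offline comparison of a version-only rule against a capability-based one. This is an added example, not part of the original issue and not Moodle's code; the function names, the `TLS12_BACKENDS` table and its minimum versions are assumptions, and the sample array is constructed from the `curl_version()` dump in the report.

```php
<?php
// Added example, not Moodle's code. Sample data is constructed from the
// curl_version() dump in the report above.
$reported = ['version' => '7.29.0', 'ssl_version' => 'NSS/3.19.1 Basic ECC'];

// Assumption: first release of each TLS backend that implements TLS 1.2.
const TLS12_BACKENDS = ['OpenSSL' => '1.0.1', 'NSS' => '3.15.1'];

// Version-only rule: the "curl 7.34+" check the report refers to.
function version_only_check(array $info): bool {
    return version_compare($info['version'], '7.34.0', '>=');
}

// Capability rule: the PHP build must define the TLS 1.2 constant and the
// TLS backend itself must be recent enough, whatever libcurl's version says.
function capability_check(array $info, bool $hasconstant): bool {
    if (!$hasconstant) {
        return false;
    }
    if (!preg_match('~^([A-Za-z]+)/(\d+(?:\.\d+)*)~', $info['ssl_version'], $m)) {
        return false; // Unknown backend string: do not guess.
    }
    $min = array_key_exists($m[1], TLS12_BACKENDS) ? TLS12_BACKENDS[$m[1]] : null;
    return $min !== null && version_compare($m[2], $min, '>=');
}

// Definitive check: force TLS 1.2 and attempt a real handshake.
function probe_tls12(string $url): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_NOBODY         => true,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
    ]);
    $ok = curl_exec($ch) !== false;
    $result = ['ok' => $ok, 'errno' => curl_errno($ch), 'error' => curl_error($ch)];
    curl_close($ch);
    return $result;
}

$hasconstant = true; // The report prints CURL_SSLVERSION_TLSv1_2: 6.
printf("version-only: %s\n", var_export(version_only_check($reported), true));
printf("capability:   %s\n", var_export(capability_check($reported, $hasconstant), true));

// Optional live probe, run only when a URL is passed on the command line.
if (isset($argv[1]) && defined('CURL_SSLVERSION_TLSv1_2')) {
    var_export(probe_tls12($argv[1]));
}
```

On the reported environment the version-only rule rejects libcurl 7.29.0 while the capability rule accepts it, which matches the successful handshake shown in the report. The live probe is the stronger signal because it forces the protocol version instead of relying on the library default.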
      

            People

              matteo Matteo Scaramuccia
              matteo Matteo Scaramuccia
              Ankit Agarwal Ankit Agarwal
              David Monllaó David Monllaó
              Simey Lameze Simey Lameze
              Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo

              Dates

                Created:
                Updated:
                Resolved:
                5/Dec/16