  1. Moodle
  2. MDL-56917

Environment checks for TLS can trigger a false positive

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.2
    • Fix Version/s: 3.2
    • Component/s: Installation
    • Environment:

      Description

      Having updated my dev env based on CentOS 7 PHP/7.0 with the latest updates, Moodle 3.2 tells me that I'm missing TLSv1.2 support, which is not true.

      Try using the Dockerfile below, by issuing docker build .:

      FROM centos:7
       
      MAINTAINER Matteo Scaramuccia <moodle@matteoscaramuccia.com>
       
      # Prepare YUM, update the system and install prerequisites (even for debugging purposes).
      RUN    yum -y install deltarpm \
          && yum -y update \
          && yum -y install bash less sed
       
      # Install Epel's and Remi Collet's repos for CentOS 7.
      # Then install those latest PHP 7.0.x modules required by Moodle.
      RUN    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
          && yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
          && yum-config-manager --enable remi-php70 \
          && yum -y install php php-bcmath php-cli php-common php-gd \
                            php-intl php-json php-mbstring php-mysqlnd php-opcache \
                            php-pdo php-pear \
                            php-pecl-apcu php-pecl-solr2 php-pecl-zip php-pecl-xdebug \
                            php-process php-soap php-xml php-xmlrpc
       
      # Configure PHP timezone.
      RUN    echo "Setting PHP default timezone to 'Europe/Rome'..." \
          && /usr/bin/sed -i "s@^;date.timezone =\$@date.timezone = 'Europe/Rome'@g" /etc/php.ini
       
      # Test if we should remove curl version check (7.34+) from MDL-55404.
      # Note: heredoc not supported: https://github.com/docker/docker/issues/1554.
      RUN echo "<?php \
      echo 'CURL_SSLVERSION_TLSv1_2: ' . CURL_SSLVERSION_TLSv1_2; \
      echo \"\\n\"; \
      var_dump(curl_version()); \
      echo 'Test if TLS 1.2 is used by default e.g. using PayPal API (https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914):'; \
      \$ch = curl_init('https://tlstest.paypal.com/'); \
      curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true); \
      \$data = curl_exec(\$ch); \
      echo \"\\n\"; \
      echo 'Exec: ' . var_export(\$data, true); \
      echo \"\\n\"; \
      echo 'Errors: ' . var_export(curl_error(\$ch), true); \
      echo \"\\n\"; \
      " > /root/check_mdl-55404.php
      RUN    cat /etc/redhat-release \
          && echo \
          && php -v \
          && echo \
          && php -r 'phpinfo();' | grep -i curl \
          && echo \
          && curl -V \
          && echo \
          && php /root/check_mdl-55404.php
      

      You'll get all the env information and the PayPal TLS test will pass even if for the Moodle check this is "not expected":

      CentOS Linux release 7.2.1511 (Core)
       
      PHP 7.0.13 (cli) (built: Nov  8 2016 20:16:29) ( NTS )
      Copyright (c) 1997-2016 The PHP Group
      Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
          with Zend OPcache v7.0.13, Copyright (c) 1999-2016, by Zend Technologies
          with Xdebug v2.4.1, Copyright (c) 2002-2016, by Derick Rethans
       
      /etc/php.d/20-curl.ini,
      curl
      cURL support => enabled
      cURL Information => 7.29.0
       
      curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
      Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
      Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
       
      CURL_SSLVERSION_TLSv1_2: 6
      /root/check_mdl-55404.php:1:
      array(9) {
        'version_number' =>
        int(466176)
        'age' =>
        int(3)
        'features' =>
        int(34493)
        'ssl_version_number' =>
        int(0)
        'version' =>
        string(6) "7.29.0"
        'host' =>
        string(23) "x86_64-redhat-linux-gnu"
        'ssl_version' =>
        string(20) "NSS/3.19.1 Basic ECC"
        'libz_version' =>
        string(5) "1.2.7"
        'protocols' =>
        array(20) {
          [0] =>
          string(4) "dict"
          [1] =>
          string(4) "file"
          [2] =>
          string(3) "ftp"
          [3] =>
          string(4) "ftps"
          [4] =>
          string(6) "gopher"
          [5] =>
          string(4) "http"
          [6] =>
          string(5) "https"
          [7] =>
          string(4) "imap"
          [8] =>
          string(5) "imaps"
          [9] =>
          string(4) "ldap"
          [10] =>
          string(5) "ldaps"
          [11] =>
          string(4) "pop3"
          [12] =>
          string(5) "pop3s"
          [13] =>
          string(4) "rtsp"
          [14] =>
          string(3) "scp"
          [15] =>
          string(4) "sftp"
          [16] =>
          string(4) "smtp"
          [17] =>
          string(5) "smtps"
          [18] =>
          string(6) "telnet"
          [19] =>
          string(4) "tftp"
        }
      }
      Test if TLS 1.2 is used by default e.g. using PayPal API (https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914):
      Exec: 'PayPal_Connection_OK'
      Errors: ''
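
      The mismatch reported above (curl 7.29.0 sits below the 7.34 version check, yet the TLS 1.2 connection succeeds) as an added PHP example; it is not part of the original report and not Moodle's code. It compares a version-threshold check with the selector constant and a handshake pinned to TLS 1.2. The function names, the CURL_7_34_0 constant name and the command-line URL argument are assumptions of this example.

```php
<?php
// Added example, not Moodle's code: three signals for "TLS 1.2 is usable".

// Upstream libcurl release that introduced CURL_SSLVERSION_TLSv1_2 (7.34.0).
const CURL_7_34_0 = 0x072200;

// Signal 1: version threshold. Cheap, but wrong when a distro backports TLS 1.2.
function tls12_by_version(array $cv): bool {
    return $cv['version_number'] >= CURL_7_34_0;
}

// Signal 2: the PHP curl extension exposes the TLS 1.2 selector constant.
function tls12_by_constant(): bool {
    return defined('CURL_SSLVERSION_TLSv1_2');
}

// Signal 3: a real handshake that requests TLS 1.2 (newer libcurl treats the
// value as a minimum). Certificate verification is left at its defaults.
function tls12_by_handshake(string $url): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_NOBODY         => true,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
    ]);
    $ok = curl_exec($ch) !== false;
    return [$ok, curl_error($ch)];
}

// Constructed sample: two fields copied from the curl_version() dump in the report.
$reported = ['version_number' => 466176, 'ssl_version' => 'NSS/3.19.1 Basic ECC'];
printf("report sample (%s): version check %s\n", $reported['ssl_version'],
    tls12_by_version($reported) ? 'passes' : 'fails');

$live = curl_version();
printf("this host (%s, %s): version check %s, constant %s\n",
    $live['version'], $live['ssl_version'],
    tls12_by_version($live) ? 'passes' : 'fails',
    tls12_by_constant() ? 'defined' : 'missing');

// Optional live probe: pass an HTTPS URL as the first CLI argument (assumption).
$url = $argv[1] ?? null;
if ($url !== null && tls12_by_constant()) {
    [$ok, $err] = tls12_by_handshake($url);
    printf("handshake: %s %s\n", $ok ? 'ok' : 'failed', $err);
    if ($ok && !tls12_by_version($live)) {
        echo "version check disagrees with the handshake: likely a backported TLS 1.2\n";
    }
}
```

      Without an argument the script stays offline and evaluates only the version and constant signals.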
      

              People

              Assignee:
              matteo Matteo Scaramuccia
              Reporter:
              matteo Matteo Scaramuccia
              Peer reviewer:
              Ankit Agarwal
              Integrator:
              David Monllaó
              Tester:
              Simey Lameze
              Participants:
              Component watchers:
              Matteo Scaramuccia, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                5/Dec/16