-
Bug
-
Resolution: Fixed
-
Minor
-
3.2
-
CentOS Linux release 7.2.1511 (Core)
PHP 7.0.13 (cli) (built: Nov 8 2016 20:16:29) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.13, Copyright (c) 1999-2016, by Zend Technologies
with Xdebug v2.4.1, Copyright (c) 2002-2016, by Derick Rethans
/etc/php.d/20-curl.ini,
curl
cURL support => enabled
cURL Information => 7.29.0
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libzCentOS Linux release 7.2.1511 (Core) PHP 7.0.13 (cli) (built: Nov 8 2016 20:16:29) ( NTS ) Copyright (c) 1997-2016 The PHP Group Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies with Zend OPcache v7.0.13, Copyright (c) 1999-2016, by Zend Technologies with Xdebug v2.4.1, Copyright (c) 2002-2016, by Derick Rethans /etc/php.d/20-curl.ini, curl cURL support => enabled cURL Information => 7.29.0 curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
-
MOODLE_32_STABLE
-
MOODLE_32_STABLE
-
m32_
MDL-56917_TLS_Env_Checks_Based_On_Caps_Not_Raw_Version -
Having updated my dev env based on CentOS 7 PHP/7.0 w/ last updates, Moodle 3.2 tells me that I'm missing TLSv1.2 support which is not true.
Try using the Dockerfile below, by issueing docker build .:
FROM centos:7
|
|
MAINTAINER Matteo Scaramuccia <moodle@matteoscaramuccia.com>
|
|
# Prepare YUM, update the system and install prerequisites (even for debugging purposes).
|
RUN yum -y install deltarpm \
|
&& yum -y update \
|
&& yum -y install bash less sed
|
|
# Install Epel's and Remi Collet's repos for CentOS 7.
|
# Then install those latest PHP 7.0.x modules required by Moodle.
|
RUN yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
|
&& yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
|
&& yum-config-manager --enable remi-php70 \
|
&& yum -y install php php-bcmath php-cli php-common php-gd \
|
php-intl php-json php-mbstring php-mysqlnd php-opcache \
|
php-pdo php-pear \
|
php-pecl-apcu php-pecl-solr2 php-pecl-zip php-pecl-xdebug \
|
php-process php-soap php-xml php-xmlrpc
|
|
# Configure PHP timezone.
|
RUN echo "Setting PHP default timezone to 'Europe/Rome'..." \
|
&& /usr/bin/sed -i "s@^;date.timezone =\$@date.timezone = 'Europe/Rome'@g" /etc/php.ini
|
|
# Test if we should remove curl version check (7.34+) from MDL-55404.
|
# Note: heredoc not supported: https://github.com/docker/docker/issues/1554.
|
RUN echo "<?php \
|
echo 'CURL_SSLVERSION_TLSv1_2: ' . CURL_SSLVERSION_TLSv1_2; \
|
echo \"\\n\"; \
|
var_dump(curl_version()); \
|
echo 'Test if TLS 1.2 is used by default e.g. using PayPal API (https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914):'; \
|
\$ch = curl_init('https://tlstest.paypal.com/'); \
|
curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true); \
|
\$data = curl_exec(\$ch); \
|
echo \"\\n\"; \
|
echo 'Exec: ' . var_export(\$data, true); \
|
echo \"\\n\"; \
|
echo 'Errors: ' . var_export(curl_error(\$ch), true); \
|
echo \"\\n\"; \
|
" > /root/check_mdl-55404.php
|
RUN cat /etc/redhat-release \
|
&& echo \
|
&& php -v \
|
&& echo \
|
&& php -r 'phpinfo();' | grep -i curl \
|
&& echo \
|
&& curl -V \
|
&& echo \
|
&& php /root/check_mdl-55404.php
|
You'll get all the env information and the PayPal TLS test will pass even if for the Moodle check this is "not expected":
CentOS Linux release 7.2.1511 (Core)
|
|
PHP 7.0.13 (cli) (built: Nov 8 2016 20:16:29) ( NTS )
|
Copyright (c) 1997-2016 The PHP Group
|
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
|
with Zend OPcache v7.0.13, Copyright (c) 1999-2016, by Zend Technologies
|
with Xdebug v2.4.1, Copyright (c) 2002-2016, by Derick Rethans
|
|
/etc/php.d/20-curl.ini,
|
curl
|
cURL support => enabled
|
cURL Information => 7.29.0
|
|
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
|
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
|
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
|
|
CURL_SSLVERSION_TLSv1_2: 6
|
/root/check_mdl-55404.php:1:
|
array(9) {
|
'version_number' =>
|
int(466176)
|
'age' =>
|
int(3)
|
'features' =>
|
int(34493)
|
'ssl_version_number' =>
|
int(0)
|
'version' =>
|
string(6) "7.29.0"
|
'host' =>
|
string(23) "x86_64-redhat-linux-gnu"
|
'ssl_version' =>
|
string(20) "NSS/3.19.1 Basic ECC"
|
'libz_version' =>
|
string(5) "1.2.7"
|
'protocols' =>
|
array(20) {
|
[0] =>
|
string(4) "dict"
|
[1] =>
|
string(4) "file"
|
[2] =>
|
string(3) "ftp"
|
[3] =>
|
string(4) "ftps"
|
[4] =>
|
string(6) "gopher"
|
[5] =>
|
string(4) "http"
|
[6] =>
|
string(5) "https"
|
[7] =>
|
string(4) "imap"
|
[8] =>
|
string(5) "imaps"
|
[9] =>
|
string(4) "ldap"
|
[10] =>
|
string(5) "ldaps"
|
[11] =>
|
string(4) "pop3"
|
[12] =>
|
string(5) "pop3s"
|
[13] =>
|
string(4) "rtsp"
|
[14] =>
|
string(3) "scp"
|
[15] =>
|
string(4) "sftp"
|
[16] =>
|
string(4) "smtp"
|
[17] =>
|
string(5) "smtps"
|
[18] =>
|
string(6) "telnet"
|
[19] =>
|
string(4) "tftp"
|
}
|
}
|
Test if TLS 1.2 is used by default e.g. using PayPal API (https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914):
|
Exec: 'PayPal_Connection_OK'
|
Errors: ''
|
- blocks
-
MDL-56806 Add environment checks for TLS that missed stables in MDL-55404
- Closed
- caused a regression
-
MDL-57450 Remove TLS check from environment file whilst it is not reliable
- Closed
- has been marked as being related by
-
MDL-54770 PayPal enrolment plugin to support required SSLVERSION TLS v1.2 if possible
- Closed
-
MDL-57163 Fatal error during installation if PHP curl extension is not installed
- Closed
-
MDL-57262 Re-implement curl TLS check by checking functionality rather than sniffing versions
- Closed
- is a regression caused by
-
MDL-55404 Add environment checks for TLS
- Closed