  1. Moodle
  2. MDL-64723

php curl does not parse certinfo 'Signature Algorithm' correctly in returned curl data


    • Bug
    • Resolution: Fixed
    • Minor
    • 3.8.6, 3.9.3
    • 3.4.7, 3.5.4, 3.6, 3.7, 3.9.2
    • Administration
    • MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_39_STABLE
    • MOODLE_38_STABLE, MOODLE_39_STABLE
      1. On a public https site with curl < v7.65.2 (in which this issue was fixed), log in as admin
      2. Navigate to Mobile app > Mobile settings in site administration
      3. Enable mobile web services (enablemobilewebservice)
      4. Confirm you don't get a PHP notice due to malformed certificate parsing

      If you visit the admin/settings.php?section=mobilesettings page on a Moodle site 3.4 or greater that has a valid certificate, Moodle will perform a check in admin/tool/mobile/classes/api.php

      if ($cert['Signature Algorithm'] == 'sha1WithRSAEncryption' || $cert['Signature Algorithm'] == 'sha1WithRSA') {

      But you will get a PHP error notice that the $cert['Signature Algorithm'] index is undefined.

      Notice: Undefined index: Signature Algorithm in /var/www/site/admin/tool/mobile/classes/api.php 
      

      That's because curl does not parse the returned JSON data correctly. What we see is

      'Public Key Algorithm' => string(72) "   Signature Algorithm: sha256WithRSAEncryption sha256WithRSAEncryption"

      in the certinfo section of the returned curl data. What we should see is 'Signature Algorithm' having its own element in the associative array, not being part of this string.

       

      To reproduce this error:

      1. Turn on debug display and developer in a Moodle site 3.4 or greater.
      2. If on a development site, in the code you can change the line in admin/tool/mobile/classes/api.php

      $curl->head($httpswwwroot . "/$CFG->admin/tool/mobile/mobile.webmanifest.php");
      

      to a site with a valid certificate, e.g.

      $curl->head("https://www.google.com");

      3. Load the admin/settings.php?section=mobilesettings page and observe the PHP notices. Happens in PHP 5.6, 7.0, 7.2.

      This is not a problem directly in Moodle, rather with curl upstream: https://github.com/curl/curl/issues/3706. But it will produce errors in Moodle sites on this page.

      This is now fixed upstream.
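
      A defensive way to read this field on affected curl versions, as an added example that is not Moodle's or curl's own code: the helper names are hypothetical and the sample arrays are constructed (the malformed value is the one quoted in the description above). It returns null when the algorithm cannot be determined, so a parse failure is not silently treated as "not SHA-1".

```php
<?php
// Added example, not Moodle code: read the signature algorithm from one
// CURLINFO_CERTINFO entry without tripping over the pre-7.65.2 curl bug.

/** Hypothetical helper: return the algorithm name, or null if not found. */
function find_signature_algorithm(array $cert): ?string {
    // Well-formed case: curl exposes the field under its own key.
    if (isset($cert['Signature Algorithm']) && is_string($cert['Signature Algorithm'])) {
        return trim($cert['Signature Algorithm']);
    }
    // Affected curl: the label ends up inside another field's value,
    // e.g. under 'Public Key Algorithm', so scan every string value.
    foreach ($cert as $value) {
        if (is_string($value) && preg_match('/Signature Algorithm:\s*(\S+)/', $value, $m)) {
            return $m[1];
        }
    }
    return null; // Unknown: the caller must not assume either way.
}

/** Hypothetical helper: true/false when known, null when undetermined. */
function has_sha1_signature(array $cert): ?bool {
    $alg = find_signature_algorithm($cert);
    if ($alg === null) {
        return null;
    }
    return in_array($alg, ['sha1WithRSAEncryption', 'sha1WithRSA'], true);
}

// Constructed sample entries.
$samples = [
    'malformed'  => ['Public Key Algorithm' =>
        '   Signature Algorithm: sha256WithRSAEncryption sha256WithRSAEncryption'],
    'wellformed' => ['Signature Algorithm' => 'sha1WithRSAEncryption'],
    'missing'    => ['Subject' => 'CN = example.invalid'],
];

foreach ($samples as $name => $cert) {
    printf(
        "%-10s algorithm=%s sha1=%s\n",
        $name,
        var_export(find_signature_algorithm($cert), true),
        var_export(has_sha1_signature($cert), true)
    );
}
```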

       

            pholden Paul Holden
            kristianr Kristian Ringer
            Simey Lameze Simey Lameze
            Jake Dallimore Jake Dallimore
            Jake Dallimore Jake Dallimore