Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64723

php curl does not parse certinfo 'Signiture Algorithm' correctly in returned curl data

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.4.7, 3.5.4, 3.6, 3.7, 3.9.2
    • Fix Version/s: 3.8.6, 3.9.3
    • Component/s: Administration
    • Labels:

      Description

      If you visit the admin/settings.php?section=mobilesettings page on a moodle site 3.4 or greater that has a valid certificate, moodle will perform a check in admin/tool/mobile/classes/api.php

      if ($cert['Signature Algorithm'] == 'sha1WithRSAEncryption' || $cert['Signature Algorithm'] == 'sha1WithRSA') {

      But you will get a php error notice that the $cert['Signature Algorithm'] index is undefined.

      Notice: Undefined index: Signature Algorithm in /var/www/site/admin/tool/mobile/classes/api.php 
      

      That's because the curl does not parse the returned json data correctly. What we see is

      'Public Key Algorithm' => string(72) "   Signature Algorithm: sha256WithRSAEncryption sha256WithRSAEncryption"

      in the certinfo section of the returned curl data. What we should see is 'Signature Algorithm' having its own element in the associative array, not be part of this string.

       

      To reproduce this error:

      1. Turn on debug display and developer in a moodle site 3.4 or greater.
      2. If on a development site, in the code you can change the line in admin/tool/mobile/classes/api.php

      $curl->head($httpswwwroot . "/$CFG->admin/tool/mobile/mobile.webmanifest.php");
      

      to a site with a valid certificate, eg.

      $curl->head("https://www.google.com");

      3. Load the admin/settings.php?section=mobilesettings page and observe the php notices. Happens in php 5.6, 7.0, 7.2.

      This is not a problem directly in moodle, rather with curl upstream: https://github.com/curl/curl/issues/3706 . But it will produce errors in moodle sites on this page.

      This is now fixed upstream.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pholden Paul Holden
              Reporter:
              kristianr Kristian Ringer
              Peer reviewer:
              Simey Lameze Simey Lameze
              Integrator:
              Jake Dallimore Jake Dallimore
              Tester:
              Jake Dallimore Jake Dallimore
              Participants:
              Component watchers:
              Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Nov/20

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 27 minutes
                  2h 27m