  1. Moodle
  2. MDL-64723

php curl does not parse certinfo 'Signature Algorithm' correctly in returned curl data


Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 3.8.6, 3.9.3
    • 3.4.7, 3.5.4, 3.6, 3.7, 3.9.2
    • Administration
    • MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_39_STABLE
    • MOODLE_38_STABLE, MOODLE_39_STABLE
      1. On a public https site with curl < v7.65.2 (in which this issue was fixed), log in as admin
      2. Navigate to Mobile app > Mobile settings in site administration
      3. Enable mobile web services (enablemobilewebservice)
      4. Confirm you don't get a PHP notice due to malformed certificate parsing

    Description

      If you visit the admin/settings.php?section=mobilesettings page on a Moodle site 3.4 or greater that has a valid certificate, Moodle will perform a check in admin/tool/mobile/classes/api.php:

      if ($cert['Signature Algorithm'] == 'sha1WithRSAEncryption' || $cert['Signature Algorithm'] == 'sha1WithRSA') {

      But you will get a PHP error notice that the $cert['Signature Algorithm'] index is undefined.

      Notice: Undefined index: Signature Algorithm in /var/www/site/admin/tool/mobile/classes/api.php 
      

      That's because curl does not parse the returned json data correctly. What we see is

      'Public Key Algorithm' => string(72) "   Signature Algorithm: sha256WithRSAEncryption sha256WithRSAEncryption"

      in the certinfo section of the returned curl data. What we should see is 'Signature Algorithm' having its own element in the associative array, not being part of this string.

       

      To reproduce this error:

      1. Turn on debug display and developer in a Moodle site 3.4 or greater.
      2. If on a development site, in the code you can change the line in admin/tool/mobile/classes/api.php

      $curl->head($httpswwwroot . "/$CFG->admin/tool/mobile/mobile.webmanifest.php");
      

      to a site with a valid certificate, e.g.

      $curl->head("https://www.google.com");

      3. Load the admin/settings.php?section=mobilesettings page and observe the PHP notices. Happens in PHP 5.6, 7.0, 7.2.

      This is not a problem directly in Moodle, rather with curl upstream: https://github.com/curl/curl/issues/3706 . But it will produce errors in Moodle sites on this page.

      This is now fixed upstream.
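A defensive way to read the field on either side of the curl fix, as an added example that is not Moodle's code or its fix: the function names and the sample entries are assumptions constructed here (the second sample is the string quoted in the description). With the key missing, the original comparison evaluates to false, so the SHA-1 check passes without having seen the algorithm; this version reports that case as unknown instead.

```php
<?php
// Added example: hypothetical helpers, not part of Moodle or curl.

/**
 * Return the signature algorithm from one CURLINFO_CERTINFO entry,
 * or null when the entry does not carry it in any recognisable form.
 */
function certinfo_signature_algorithm(array $cert) {
    // Well-formed entry: the field has its own key.
    if (isset($cert['Signature Algorithm'])) {
        return trim($cert['Signature Algorithm']);
    }
    // Malformed entry (curl < 7.65.2): the field is embedded in another
    // value, as in the 'Public Key Algorithm' string quoted in the report.
    foreach ($cert as $value) {
        if (is_string($value)
                && preg_match('/Signature Algorithm:\s*([A-Za-z0-9_.-]+)/', $value, $m)) {
            return $m[1];
        }
    }
    return null;
}

/**
 * true = SHA-1 signature, false = other algorithm, null = could not tell.
 */
function certinfo_uses_sha1(array $cert) {
    $alg = certinfo_signature_algorithm($cert);
    if ($alg === null) {
        return null; // Do not let a parsing gap read as "certificate is fine".
    }
    return in_array($alg, ['sha1WithRSAEncryption', 'sha1WithRSA'], true);
}

// Constructed sample entries, shaped like elements of $info['certinfo'].
$samples = [
    'well-formed'    => ['Signature Algorithm' => 'sha256WithRSAEncryption'],
    'curl < 7.65.2'  => ['Public Key Algorithm' =>
        '   Signature Algorithm: sha256WithRSAEncryption sha256WithRSAEncryption'],
    'malformed sha1' => ['Public Key Algorithm' =>
        '   Signature Algorithm: sha1WithRSAEncryption sha1WithRSAEncryption'],
    'field absent'   => ['Subject' => 'CN=example.test'],
];

foreach ($samples as $label => $cert) {
    $result = certinfo_uses_sha1($cert);
    echo $label, ': ', $result === null ? 'unknown' : ($result ? 'SHA-1 (weak)' : 'ok'), "\n";
}
```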

       


            People

              pholden Paul Holden
              kristianr Kristian Ringer
              Simey Lameze Simey Lameze
              Jake Dallimore Jake Dallimore
              Jake Dallimore Jake Dallimore