<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Core upgrade utility class.
*
* @package core
* @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace core\upgrade;
// Stop immediately unless MOODLE_INTERNAL is already defined, so this file does nothing when loaded on its own.
defined('MOODLE_INTERNAL') || die();
/**
* Core upgrade utility class.
*
* @package core
* @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
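final class util {

    /**
     * Gets the minimum version of a SSL/TLS library required for TLS 1.2 support.
     *
     * The lookup is an exact, case-sensitive match on the backend name. A backend that is not listed
     * yields false, which can_use_tls12() reports as "not capable".
     *
     * NOTE(review): cURL builds may report backend names that are not listed here (for example LibreSSL,
     * mbedTLS or Schannel); those currently fall through to false. Confirm whether the matrix needs extending.
     *
     * @param string $sslflavour The SSL/TLS library
     * @return string|false The version string if it exists. False otherwise
     */
    private static function get_min_ssl_lib_version_for_tls12($sslflavour) {
        // Min versions for TLS 1.2.
        $versionmatrix = [
            'OpenSSL' => '1.0.1c',
            'GnuTLS' => '1.7.1',
            'NSS' => '3.15.1', // This number is usually followed by something like "Basic ECC".
            'CyaSSL' => '1.1.0',
            'wolfSSL' => '1.1.0',
            'PolarSSL' => '1.2.0',
            'WinSSL' => '*', // Does not specify a version but needs Windows >= 7.
            'SecureTransport' => '*', // Does not specify a version but needs iOS >= 5.0 or OS X >= 10.8.0.
        ];

        return isset($versionmatrix[$sslflavour]) ? $versionmatrix[$sslflavour] : false;
    }

    /**
     * Checks whether a reported version is at least a required minimum.
     *
     * The leading dotted-numeric part is compared component by component as integers, so "3.101" ranks
     * above "3.15.1" and "10.10.0" above "10.8.0"; a plain string comparison gets both wrong. Only when the
     * numeric parts are equal is the remaining suffix (such as the patch letter in "1.0.1c") compared, as a
     * byte string. version_compare() is deliberately not applied to the suffix because it gives letters
     * such as "a" and "b" a pre-release meaning.
     *
     * @param string|null $version The reported version
     * @param string $minimum The lowest acceptable version
     * @return bool False when either value does not start with a digit, so unparseable input fails closed
     */
    private static function version_at_least($version, $minimum) {
        $pattern = '/^(\d+(?:\.\d+)*)(.*)$/s';
        if (!is_string($version)
                || !preg_match($pattern, $version, $have)
                || !preg_match($pattern, $minimum, $need)) {
            return false;
        }

        $numeric = version_compare($have[1], $need[1]);
        if ($numeric !== 0) {
            return $numeric > 0;
        }

        return strcmp($have[2], $need[2]) >= 0;
    }

    /**
     * Validates PHP/cURL extension for use with SSL/TLS.
     *
     * This only looks at which SSL/TLS backend cURL was built with; it does not check the backend version
     * or which protocol versions it supports (see can_use_tls12() for that).
     *
     * @param array $curlinfo array of cURL information as returned by curl_version()
     * @param int $zts 0 or 1 as defined by PHP_ZTS. The test is strict, so any value other than the
     *                 integer 1 (including "1" or true) skips the threadsafe restriction.
     * @return bool
     */
    public static function validate_php_curl_tls(array $curlinfo, $zts) {
        if (empty($curlinfo['ssl_version'])) {
            // cURL was built without an SSL/TLS backend, or the information is missing.
            return false;
        }

        $flavour = explode('/', $curlinfo['ssl_version'])[0];
        // In threadsafe mode the only valid choices are OpenSSL and GnuTLS.
        if ($zts === 1 && !in_array($flavour, ['OpenSSL', 'GnuTLS'], true)) {
            return false;
        }

        return true;
    }

    /**
     * Tests if the system is capable of using TLS 1.2 for requests.
     *
     * This is a capability check only: it reports whether the installed cURL/SSL backend looks new enough,
     * and does not configure or enforce a minimum protocol version on any connection.
     *
     * @param array $curlinfo array of cURL information as returned by curl_version()
     * @param string $uname server uname; compared with '6.1' for WinSSL and '10.8.0' for SecureTransport.
     *                      NOTE(review): '10.8.0' is an OS X product version, so a kernel release string
     *                      would not be comparable with it - confirm what the caller passes.
     * @return bool
     */
    public static function can_use_tls12(array $curlinfo, $uname) {
        // Do not compare the cURL version, e.g. $curlinfo['version_number'], with v7.34.0 (467456):
        // some Linux distros backport security issues and keep lower version numbers.
        if (!defined('CURL_SSLVERSION_TLSv1_2')) {
            return false;
        }

        // No backend information means nothing can be verified; same guard as validate_php_curl_tls().
        if (empty($curlinfo['ssl_version'])) {
            return false;
        }

        $sslversion = explode('/', $curlinfo['ssl_version']);
        // The NSS backend name can be followed by a space and more text; keep only the first word.
        $flavour = explode(' ', $sslversion[0])[0];
        // A version is only taken from the exact "name/version" form.
        $version = count($sslversion) == 2 ? $sslversion[1] : null;

        $minversion = self::get_min_ssl_lib_version_for_tls12($flavour);
        if (!$minversion) {
            return false;
        }

        // Special case (see $versionmatrix above): the OS release decides, not a library version.
        if ($flavour === 'WinSSL') {
            return self::version_at_least((string) $uname, '6.1');
        }

        // Special case (see $versionmatrix above): the OS release decides, not a library version.
        if ($flavour === 'SecureTransport') {
            return self::version_at_least((string) $uname, '10.8.0');
        }

        return self::version_at_least($version, $minversion);
    }
}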