You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
118 lines
4.0 KiB
118 lines
4.0 KiB
2 years ago
|
<?php
|
||
|
// This file is part of Moodle - http://moodle.org/
|
||
|
//
|
||
|
// Moodle is free software: you can redistribute it and/or modify
|
||
|
// it under the terms of the GNU General Public License as published by
|
||
|
// the Free Software Foundation, either version 3 of the License, or
|
||
|
// (at your option) any later version.
|
||
|
//
|
||
|
// Moodle is distributed in the hope that it will be useful,
|
||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
// GNU General Public License for more details.
|
||
|
//
|
||
|
// You should have received a copy of the GNU General Public License
|
||
|
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
||
|
|
||
|
/**
|
||
|
* PayPal enrolment plugin utility class.
|
||
|
*
|
||
|
* @package core
|
||
|
* @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
|
||
|
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
||
|
*/
|
||
|
|
||
|
namespace core\upgrade;
|
||
|
|
||
|
defined('MOODLE_INTERNAL') || die();
|
||
|
|
||
|
/**
|
||
|
* Core upgrade utility class.
|
||
|
*
|
||
|
* @package core
|
||
|
* @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
|
||
|
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
||
|
*/
|
||
|
final class util {
|
||
|
|
||
|
/**
|
||
|
* Gets the minimum version of a SSL/TLS library required for TLS 1.2 support.
|
||
|
*
|
||
|
* @param string $sslflavour The SSL/TLS library
|
||
|
* @return string|false The version string if it exists. False otherwise
|
||
|
*/
|
||
|
private static function get_min_ssl_lib_version_for_tls12($sslflavour) {
|
||
|
// Min versions for TLS 1.2.
|
||
|
$versionmatrix = [
|
||
|
'OpenSSL' => '1.0.1c',
|
||
|
'GnuTLS' => '1.7.1',
|
||
|
'NSS' => '3.15.1', // This number is usually followed by something like "Basic ECC".
|
||
|
'CyaSSL' => '1.1.0',
|
||
|
'wolfSSL' => '1.1.0',
|
||
|
'PolarSSL' => '1.2.0',
|
||
|
'WinSSL' => '*', // Does not specify a version but needs Windows >= 7.
|
||
|
'SecureTransport' => '*' // Does not specify a version but needs iOS >= 5.0 or OS X >= 10.8.0.
|
||
|
];
|
||
|
|
||
|
return isset($versionmatrix[$sslflavour]) ? $versionmatrix[$sslflavour] : false;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Validates PHP/cURL extension for use with SSL/TLS.
|
||
|
*
|
||
|
* @param array $curlinfo array of cURL information as returned by curl_version()
|
||
|
* @param int $zts 0 or 1 as defined by PHP_ZTS
|
||
|
* @return bool
|
||
|
*/
|
||
|
public static function validate_php_curl_tls(array $curlinfo, $zts) {
|
||
|
if (empty($curlinfo['ssl_version'])) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$flavour = explode('/', $curlinfo['ssl_version'])[0];
|
||
|
// In threadsafe mode the only valid choices are OpenSSL and GnuTLS.
|
||
|
if ($zts === 1 && $flavour != 'OpenSSL' && $flavour !== 'GnuTLS') {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Tests if the system is capable of using TLS 1.2 for requests.
|
||
|
*
|
||
|
* @param array $curlinfo array of cURL information as returned by curl_version()
|
||
|
* @param string $uname server uname
|
||
|
* @return bool
|
||
|
*/
|
||
|
public static function can_use_tls12(array $curlinfo, $uname) {
|
||
|
// Do not compare the cURL version, e.g. $curlinfo['version_number'], with v7.34.0 (467456):
|
||
|
// some Linux distros backport security issues and keep lower version numbers.
|
||
|
if (!defined('CURL_SSLVERSION_TLSv1_2')) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
$sslversion = explode('/', $curlinfo['ssl_version']);
|
||
|
// NSS has a space in the version number 😦.
|
||
|
$flavour = explode(' ', $sslversion[0])[0];
|
||
|
$version = count($sslversion) == 2 ? $sslversion[1] : null;
|
||
|
|
||
|
$minversion = self::get_min_ssl_lib_version_for_tls12($flavour);
|
||
|
if (!$minversion) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
// Special case (see $versionmatrix above).
|
||
|
if ($flavour == 'WinSSL') {
|
||
|
return $uname >= '6.1';
|
||
|
}
|
||
|
|
||
|
// Special case (see $versionmatrix above).
|
||
|
if ($flavour == 'SecureTransport') {
|
||
|
return $uname >= '10.8.0';
|
||
|
}
|
||
|
|
||
|
return $version >= $minversion;
|
||
|
}
|
||
|
}
|