See Release Notes
Long Term Support Release
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * PayPal enrolment plugin utility class. 19 * 20 * @package core 21 * @copyright 2016 Cameron Ball <cameron@cameron1729.xyz> 22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 23 */ 24 25 namespace core\upgrade; 26 27 defined('MOODLE_INTERNAL') || die(); 28 29 /** 30 * Core upgrade utility class. 31 * 32 * @package core 33 * @copyright 2016 Cameron Ball <cameron@cameron1729.xyz> 34 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 35 */ 36 final class util { 37 38 /** 39 * Gets the minimum version of a SSL/TLS library required for TLS 1.2 support. 40 * 41 * @param string $sslflavour The SSL/TLS library 42 * @return string|false The version string if it exists. False otherwise 43 */ 44 private static function get_min_ssl_lib_version_for_tls12($sslflavour) { 45 // Min versions for TLS 1.2. 46 $versionmatrix = [ 47 'OpenSSL' => '1.0.1c', 48 'GnuTLS' => '1.7.1', 49 'NSS' => '3.15.1', // This number is usually followed by something like "Basic ECC". 50 'CyaSSL' => '1.1.0', 51 'wolfSSL' => '1.1.0', 52 'PolarSSL' => '1.2.0', 53 'WinSSL' => '*', // Does not specify a version but needs Windows >= 7. 54 'SecureTransport' => '*' // Does not specify a version but needs iOS >= 5.0 or OS X >= 10.8.0. 55 ]; 56 57 return isset($versionmatrix[$sslflavour]) ? $versionmatrix[$sslflavour] : false; 58 } 59 60 /** 61 * Validates PHP/cURL extension for use with SSL/TLS. 62 * 63 * @param array $curlinfo array of cURL information as returned by curl_version() 64 * @param int $zts 0 or 1 as defined by PHP_ZTS 65 * @return bool 66 */ 67 public static function validate_php_curl_tls(array $curlinfo, $zts) { 68 if (empty($curlinfo['ssl_version'])) { 69 return false; 70 } 71 72 $flavour = explode('/', $curlinfo['ssl_version'])[0]; 73 // In threadsafe mode the only valid choices are OpenSSL and GnuTLS. 74 if ($zts === 1 && $flavour != 'OpenSSL' && $flavour !== 'GnuTLS') { 75 return false; 76 } 77 78 return true; 79 } 80 81 /** 82 * Tests if the system is capable of using TLS 1.2 for requests. 83 * 84 * @param array $curlinfo array of cURL information as returned by curl_version() 85 * @param string $uname server uname 86 * @return bool 87 */ 88 public static function can_use_tls12(array $curlinfo, $uname) { 89 // Do not compare the cURL version, e.g. $curlinfo['version_number'], with v7.34.0 (467456): 90 // some Linux distros backport security issues and keep lower version numbers. 91 if (!defined('CURL_SSLVERSION_TLSv1_2')) { 92 return false; 93 } 94 95 $sslversion = explode('/', $curlinfo['ssl_version']); 96 // NSS has a space in the version number 😦. 97 $flavour = explode(' ', $sslversion[0])[0]; 98 $version = count($sslversion) == 2 ? $sslversion[1] : null; 99 100 $minversion = self::get_min_ssl_lib_version_for_tls12($flavour); 101 if (!$minversion) { 102 return false; 103 } 104 105 // Special case (see $versionmatrix above). 106 if ($flavour == 'WinSSL') { 107 return $uname >= '6.1'; 108 } 109 110 // Special case (see $versionmatrix above). 111 if ($flavour == 'SecureTransport') { 112 return $uname >= '10.8.0'; 113 } 114 115 return $version >= $minversion; 116 } 117 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body