Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 39 and 401] [Versions 401 and 402] [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  namespace core;
  18  
  19  defined('MOODLE_INTERNAL') || die();
  20  
  21  // Hack to let tests run on Travis CI.
  22  defined('CURL_SSLVERSION_TLSv1_2') || define('CURL_SSLVERSION_TLSv1_2', 6);
  23  
  24  /**
  25   * Upgrade utility class tests.
  26   *
  27   * @package   core
  28   * @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
  29   * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  30   */
  31  class upgrade_util_test extends \advanced_testcase {
  32  
  33      /**
  34       * The value of PHP_ZTS when thread safety is enabled.
  35       */
  36      const PHP_ZTS_ENABLED = 1;
  37  
  38      /**
  39       * The value of PHP_ZTS when thread safety is disabled.
  40       */
  41      const PHP_ZTS_DISABLED = 0;
  42  
  43      /**
  44       * Test PHP/cURL validation.
  45       *
  46       * @dataProvider validate_php_curl_tls_testcases()
  47       * @param array $curlinfo server curl_version array
  48       * @param int   $zts      0 or 1 as defined by PHP_ZTS
  49       * @param bool  $expected expected result
  50       */
  51      public function test_validate_php_curl_tls($curlinfo, $zts, $expected) {
  52          $this->assertSame($expected, \core\upgrade\util::validate_php_curl_tls($curlinfo, $zts));
  53      }
  54  
  55      /**
  56       * Test cases for validate_php_curl_tls test.
  57       */
  58      public function validate_php_curl_tls_testcases() {
  59          $base = curl_version();
  60  
  61          return [
  62              'Not threadsafe - Valid SSL (GnuTLS)' => [
  63                  ['ssl_version' => 'GnuTLS/4.20'] + $base,
  64                  self::PHP_ZTS_DISABLED,
  65                  true
  66              ],
  67              'Not threadsafe - Valid SSL (OpenSSL)' => [
  68                  ['ssl_version' => 'OpenSSL'] + $base,
  69                  self::PHP_ZTS_DISABLED,
  70                  true
  71              ],
  72              'Not threadsafe - Valid SSL (WinSSL)' => [
  73                  ['ssl_version' => 'WinSSL'] + $base,
  74                  self::PHP_ZTS_DISABLED,
  75                  true
  76              ],
  77              'Not threadsafe - Invalid SSL' => [
  78                  ['ssl_version' => ''] + $base,
  79                  self::PHP_ZTS_DISABLED,
  80                  false
  81              ],
  82              'Threadsafe - Valid SSL (OpenSSL)' => [
  83                  ['ssl_version' => 'OpenSSL/1729'] + $base,
  84                  self::PHP_ZTS_ENABLED,
  85                  true
  86              ],
  87              'Threadsafe - Valid SSL (GnuTLS)' => [
  88                  ['ssl_version' => 'GnuTLS/3.14'] + $base,
  89                  self::PHP_ZTS_ENABLED,
  90                  true
  91              ],
  92              'Threadsafe - Invalid SSL' => [
  93                  ['ssl_version' => ''] + $base,
  94                  self::PHP_ZTS_ENABLED,
  95                  false
  96              ],
  97              'Threadsafe - Invalid SSL (but not empty)' => [
  98                  ['ssl_version' => 'Not GnuTLS or OpenSSL'] + $base,
  99                  self::PHP_ZTS_ENABLED,
 100                  false
 101              ]
 102          ];
 103      }
 104  
 105      /**
 106       * Test various combinations of SSL/TLS libraries.
 107       *
 108       * @dataProvider can_use_tls12_testcases
 109       * @param string $sslversion the ssl_version string.
 110       * @param string|null $uname uname string (or null if not relevant)
 111       * @param bool $expected expected result
 112       */
 113      public function test_can_use_tls12($sslversion, $uname, $expected) {
 114          // Populate curlinfo with whats installed on this php install.
 115          $curlinfo = curl_version();
 116  
 117          // Set the curl values we are testing to the passed data.
 118          $curlinfo['ssl_version'] = $sslversion;
 119  
 120          // Set uname to system value if none passed in test case.
 121          $uname = !empty($uname) ? $uname : php_uname('r');
 122  
 123          $this->assertSame($expected, \core\upgrade\util::can_use_tls12($curlinfo, $uname));
 124      }
 125  
 126      /**
 127       * Test cases for the can_use_tls12 test.
 128       * The returned data format is:
 129       *  [(string) ssl_version, (string|null) uname (null if not relevant), (bool) expectation ]
 130       *
 131       * @return array of testcases
 132       */
 133      public function can_use_tls12_testcases() {
 134          return [
 135              // Bad versions.
 136              ['OpenSSL/0.9.8o', null, false],
 137              ['GnuTLS/1.5.0', null, false],
 138              ['NSS/3.14.15', null, false],
 139              ['CyaSSL/0.9.9', null, false],
 140              ['wolfSSL/1.0.0', null, false],
 141              ['WinSSL', '5.1', false],
 142              ['SecureTransport', '10.7.5', false],
 143              // Lowest good version.
 144              ['OpenSSL/1.0.1c', null, true],
 145              ['GnuTLS/1.7.1', null, true],
 146              ['NSS/3.15.1 Basic ECC', null, true],
 147              ['CyaSSL/1.1.0', null, true],
 148              ['wolfSSL/1.1.0', null, true],
 149              ['WinSSL', '6.1', true],
 150              ['SecureTransport', '10.8.0', true],
 151              // More higher good versions.
 152              ['OpenSSL/1.0.1t', null, true],
 153              ['GnuTLS/1.8.1', null, true],
 154              ['NSS/3.17.2 Basic ECC', null, true],
 155              ['CyaSSL/1.2.0', null, true],
 156              ['wolfSSL/1.2.0', null, true],
 157              ['WinSSL', '7.0', true],
 158              ['SecureTransport', '10.9.0', true],
 159          ];
 160      }
 161  }