diff --git a/admin/mnet/peer_forms.php b/admin/mnet/peer_forms.php
index ce1c1c086ee..a9339b05104 100644
--- a/admin/mnet/peer_forms.php
+++ b/admin/mnet/peer_forms.php
@@ -94,6 +94,15 @@ class mnet_review_host_form extends moodleform {
$mform->setType('wwwroot', PARAM_URL);
$mform->addRule('wwwroot', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
+ $options = array(
+ mnet_peer::SSL_NONE => get_string('none'),
+ mnet_peer::SSL_HOST => get_string('verifyhostonly', 'core_mnet'),
+ mnet_peer::SSL_HOST_AND_PEER => get_string('verifyhostandpeer', 'core_mnet')
+ );
+ $mform->addElement('select', 'sslverification', get_string('sslverification', 'core_mnet'), $options);
+ $mform->setDefault('sslverification', mnet_peer::SSL_HOST_AND_PEER);
+ $mform->addHelpButton('sslverification', 'sslverification', 'core_mnet');
+
$themes = array('' => get_string('forceno'));
foreach (array_keys(core_component::get_plugin_list('theme')) as $themename) {
$themes[$themename] = get_string('pluginname', 'theme_'.$themename);
diff --git a/admin/mnet/peers.php b/admin/mnet/peers.php
index 40759dbc0ed..24ef9b6af9a 100644
--- a/admin/mnet/peers.php
+++ b/admin/mnet/peers.php
@@ -172,6 +172,7 @@ if ($formdata = $reviewform->get_data()) {
$mnet_peer->public_key = $formdata->public_key;
$credentials = $mnet_peer->check_credentials($mnet_peer->public_key);
$mnet_peer->public_key_expires = $credentials['validTo_time_t'];
+ $mnet_peer->sslverification = $formdata->sslverification;
if ($mnet_peer->commit()) {
redirect(new moodle_url('/admin/mnet/peers.php', array('hostid' => $mnet_peer->id)), get_string('changessaved'));
diff --git a/admin/mnet/testclient.php b/admin/mnet/testclient.php
index 89734e39b14..f43225c631e 100644
--- a/admin/mnet/testclient.php
+++ b/admin/mnet/testclient.php
@@ -66,12 +66,19 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
$mnet_request->set_method('system/listServices');
$mnet_request->send($mnet_peer);
+
$services = $mnet_request->response;
$yesno = array('No', 'Yes');
$servicenames = array();
echo $OUTPUT->heading(get_string('servicesavailableonhost', 'mnet', $host->wwwroot));
+ if (!empty($mnet_request->error)) {
+ echo $OUTPUT->heading(get_string('error'), 3);
+ echo html_writer::alist($mnet_request->error);
+ $services = array();
+ }
+
$table = new html_table();
$table->head = array(
get_string('serviceid', 'mnet'),
@@ -127,6 +134,7 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
echo html_writer::table($table);
+ $mnet_request = new mnet_xmlrpc_client();
$mnet_request->set_method('system/listMethods');
if (isset($servicename) && array_key_exists($servicename, $serviceinfo)) {
echo $OUTPUT->heading(get_string('methodsavailableonhostinservice', 'mnet', (object)array('host' => $host->wwwroot, 'service' => $servicename)));
@@ -139,6 +147,11 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
$mnet_request->send($mnet_peer);
$methods = $mnet_request->response;
+ if (!empty($mnet_request->error)) {
+ echo $OUTPUT->heading(get_string('error'), 3);
+ echo html_writer::alist($mnet_request->error);
+ $methods = array();
+ }
$table = new html_table();
$table->head = array(
@@ -171,6 +184,12 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
echo $OUTPUT->heading(get_string('methodsignature', 'mnet', $method));
+ if (!empty($mnet_request->error)) {
+ echo $OUTPUT->heading(get_string('error'), 3);
+ echo html_writer::alist($mnet_request->error);
+ $signature = array();
+ }
+
$table = new html_table();
$table->head = array(
get_string('position', 'mnet'),
diff --git a/lang/en/mnet.php b/lang/en/mnet.php
index d2469c8ca76..041eb48d8cc 100644
--- a/lang/en/mnet.php
+++ b/lang/en/mnet.php
@@ -216,6 +216,12 @@ $string['showlocal'] = 'Show local users';
$string['showremote'] = 'Show remote users';
$string['ssl_acl_allow'] = 'SSO ACL: Allow user \'{$a->user}\' from \'{$a->host}\'';
$string['ssl_acl_deny'] = 'SSO ACL: Deny user \'{$a->user}\' from \'{$a->host}\'';
+$string['sslverification'] = 'SSL verification';
+$string['sslverification_help'] = 'This option allows you to configure the level of security when connecting to a peer using HTTPS.
+
+* None: no level of security
+* Verify host only: validates the domain of the SSL certificate
+* Verify host and peer (recommended): validates the domain and issuer of the SSL certificate';
$string['ssoaccesscontrol'] = 'SSO access control';
$string['ssoacldescr'] = 'Use this page to grant/deny access to specific users from remote MNet hosts. This is functional when you are offering SSO services to remote users. To control your local users\' ability to roam to other MNet hosts, use the roles system to grant them the mnetlogintoremote capability.';
$string['ssoaclneeds'] = 'For this functionality to work, you must have Networking on, plus the MNet authentication plugin enabled.';
@@ -244,6 +250,8 @@ $string['userchangepasswordlink'] = '
You may be able to change your passw
$string['usernotfullysetup'] = 'Your user account is incomplete. You need to go back to your provider and ensure your profile is completed there. You may need to log out and in again for this to take effect.';
$string['usersareonline'] = 'Warning: {$a} users from that server are currently logged on to your site.';
$string['validated_by'] = 'It is validated by the network: {$a}';
+$string['verifyhostandpeer'] = 'Verify host and peer';
+$string['verifyhostonly'] = 'Verify host only';
$string['verifysignature-error'] = 'The signature verification failed. An error has occurred.';
$string['verifysignature-invalid'] = 'The signature verification failed. It appears that this payload was not signed by you.';
$string['version'] = 'Version';
diff --git a/lib/db/install.xml b/lib/db/install.xml
index 6a6c9e41b1f..59a8a7dc135 100644
--- a/lib/db/install.xml
+++ b/lib/db/install.xml
@@ -1,5 +1,5 @@
-
@@ -1442,6 +1442,7 @@
+
@@ -3081,4 +3082,4 @@
-
+
\ No newline at end of file
diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php
index c9728de26b4..95198d6442b 100644
--- a/lib/db/upgrade.php
+++ b/lib/db/upgrade.php
@@ -4058,5 +4058,21 @@ function xmldb_main_upgrade($oldversion) {
// Moodle v2.8.0 release upgrade line.
// Put any upgrade step following this.
+ if ($oldversion < 2014120100.00) {
+
+ // Define field sslverification to be added to mnet_host.
+ $table = new xmldb_table('mnet_host');
+ $field = new xmldb_field('sslverification', XMLDB_TYPE_INTEGER, '1', null, XMLDB_NOTNULL, null, '0', 'applicationid');
+
+ // Conditionally launch add field sslverification.
+ if (!$dbman->field_exists($table, $field)) {
+ $dbman->add_field($table, $field);
+ }
+
+ // Main savepoint reached.
+ upgrade_main_savepoint(true, 2014120100.00);
+ }
+
+
return true;
}
diff --git a/mnet/peer.php b/mnet/peer.php
index 5d8936b04cb..9f72e179853 100644
--- a/mnet/peer.php
+++ b/mnet/peer.php
@@ -12,6 +12,15 @@ require_once($CFG->libdir . '/filelib.php'); // download_file_content() used her
class mnet_peer {
+ /** No SSL verification. */
+ const SSL_NONE = 0;
+
+ /** SSL verification for host. */
+ const SSL_HOST = 1;
+
+ /** SSL verification for host and peer. */
+ const SSL_HOST_AND_PEER = 2;
+
var $id = 0;
var $wwwroot = '';
var $ip_address = '';
@@ -27,6 +36,9 @@ class mnet_peer {
var $error = array();
var $bootstrapped = false; // set when the object is populated
+ /** @var int $sslverification The level of SSL verification to apply. */
+ public $sslverification = self::SSL_HOST_AND_PEER;
+
function mnet_peer() {
return true;
}
@@ -192,6 +204,7 @@ class mnet_peer {
$obj->force_theme = $this->force_theme;
$obj->theme = $this->theme;
$obj->applicationid = $this->applicationid;
+ $obj->sslverification = $this->sslverification;
if (isset($this->id) && $this->id > 0) {
$obj->id = $this->id;
@@ -286,6 +299,7 @@ class mnet_peer {
$this->force_theme = $hostinfo->force_theme;
$this->theme = $hostinfo->theme;
$this->applicationid = $hostinfo->applicationid;
+ $this->sslverification = $hostinfo->sslverification;
$this->application = $DB->get_record('mnet_application', array('id'=>$this->applicationid));
$this->bootstrapped = true;
}
diff --git a/mnet/xmlrpc/client.php b/mnet/xmlrpc/client.php
index 39078d25be7..08414cf3153 100644
--- a/mnet/xmlrpc/client.php
+++ b/mnet/xmlrpc/client.php
@@ -368,8 +368,17 @@ class mnet_xmlrpc_client {
curl_setopt($httprequest, CURLOPT_POST, true);
curl_setopt($httprequest, CURLOPT_USERAGENT, 'Moodle');
curl_setopt($httprequest, CURLOPT_HTTPHEADER, array("Content-Type: text/xml charset=UTF-8"));
- curl_setopt($httprequest, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($httprequest, CURLOPT_SSL_VERIFYHOST, 0);
+
+ $verifyhost = 0;
+ $verifypeer = false;
+ if ($mnet_peer->sslverification == mnet_peer::SSL_HOST_AND_PEER) {
+ $verifyhost = 2;
+ $verifypeer = true;
+ } else if ($mnet_peer->sslverification == mnet_peer::SSL_HOST) {
+ $verifyhost = 2;
+ }
+ curl_setopt($httprequest, CURLOPT_SSL_VERIFYHOST, $verifyhost);
+ curl_setopt($httprequest, CURLOPT_SSL_VERIFYPEER, $verifypeer);
return $httprequest;
}
}
diff --git a/version.php b/version.php
index 5d006cb75c4..232fbf5661a 100644
--- a/version.php
+++ b/version.php
@@ -29,7 +29,7 @@
defined('MOODLE_INTERNAL') || die();
-$version = 2014112800.00; // YYYYMMDD = weekly release date of this DEV branch.
+$version = 2014120100.00; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.