diff --git a/admin/mnet/peer_forms.php b/admin/mnet/peer_forms.php
index ce1c1c086ee..a9339b05104 100644
--- a/admin/mnet/peer_forms.php
+++ b/admin/mnet/peer_forms.php
@@ -94,6 +94,15 @@ class mnet_review_host_form extends moodleform {
$mform->setType('wwwroot', PARAM_URL);
$mform->addRule('wwwroot', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
+ $options = array(
+ mnet_peer::SSL_NONE => get_string('none'),
+ mnet_peer::SSL_HOST => get_string('verifyhostonly', 'core_mnet'),
+ mnet_peer::SSL_HOST_AND_PEER => get_string('verifyhostandpeer', 'core_mnet')
+ );
+ $mform->addElement('select', 'sslverification', get_string('sslverification', 'core_mnet'), $options);
+ $mform->setDefault('sslverification', mnet_peer::SSL_HOST_AND_PEER);
+ $mform->addHelpButton('sslverification', 'sslverification', 'core_mnet');
+
$themes = array('' => get_string('forceno'));
foreach (array_keys(core_component::get_plugin_list('theme')) as $themename) {
$themes[$themename] = get_string('pluginname', 'theme_'.$themename);
diff --git a/admin/mnet/peers.php b/admin/mnet/peers.php
index 40759dbc0ed..24ef9b6af9a 100644
--- a/admin/mnet/peers.php
+++ b/admin/mnet/peers.php
@@ -172,6 +172,7 @@ if ($formdata = $reviewform->get_data()) {
$mnet_peer->public_key = $formdata->public_key;
$credentials = $mnet_peer->check_credentials($mnet_peer->public_key);
$mnet_peer->public_key_expires = $credentials['validTo_time_t'];
+ $mnet_peer->sslverification = $formdata->sslverification;
if ($mnet_peer->commit()) {
redirect(new moodle_url('/admin/mnet/peers.php', array('hostid' => $mnet_peer->id)), get_string('changessaved'));
diff --git a/admin/mnet/testclient.php b/admin/mnet/testclient.php
index 89734e39b14..f43225c631e 100644
--- a/admin/mnet/testclient.php
+++ b/admin/mnet/testclient.php
@@ -66,12 +66,19 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
$mnet_request->set_method('system/listServices');
$mnet_request->send($mnet_peer);
+
$services = $mnet_request->response;
$yesno = array('No', 'Yes');
$servicenames = array();
echo $OUTPUT->heading(get_string('servicesavailableonhost', 'mnet', $host->wwwroot));
+ if (!empty($mnet_request->error)) {
+ echo $OUTPUT->heading(get_string('error'), 3);
+ echo html_writer::alist($mnet_request->error);
+ $services = array();
+ }
+
$table = new html_table();
$table->head = array(
get_string('serviceid', 'mnet'),
@@ -127,6 +134,7 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
echo html_writer::table($table);
+ $mnet_request = new mnet_xmlrpc_client();
$mnet_request->set_method('system/listMethods');
if (isset($servicename) && array_key_exists($servicename, $serviceinfo)) {
echo $OUTPUT->heading(get_string('methodsavailableonhostinservice', 'mnet', (object)array('host' => $host->wwwroot, 'service' => $servicename)));
@@ -139,6 +147,11 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
$mnet_request->send($mnet_peer);
$methods = $mnet_request->response;
+ if (!empty($mnet_request->error)) {
+ echo $OUTPUT->heading(get_string('error'), 3);
+ echo html_writer::alist($mnet_request->error);
+ $methods = array();
+ }
$table = new html_table();
$table->head = array(
@@ -171,6 +184,12 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
echo $OUTPUT->heading(get_string('methodsignature', 'mnet', $method));
+ if (!empty($mnet_request->error)) {
+ echo $OUTPUT->heading(get_string('error'), 3);
+ echo html_writer::alist($mnet_request->error);
+ $signature = array();
+ }
+
$table = new html_table();
$table->head = array(
get_string('position', 'mnet'),
diff --git a/lang/en/mnet.php b/lang/en/mnet.php
index d2469c8ca76..041eb48d8cc 100644
--- a/lang/en/mnet.php
+++ b/lang/en/mnet.php
@@ -216,6 +216,12 @@ $string['showlocal'] = 'Show local users';
$string['showremote'] = 'Show remote users';
$string['ssl_acl_allow'] = 'SSO ACL: Allow user \'{$a->user}\' from \'{$a->host}\'';
$string['ssl_acl_deny'] = 'SSO ACL: Deny user \'{$a->user}\' from \'{$a->host}\'';
+$string['sslverification'] = 'SSL verification';
+$string['sslverification_help'] = 'This option allows you to configure the level of security when connecting to a peer using HTTPS.
+
+* None: no level of security
+* Verify host only: validates the domain of the SSL certificate
+* Verify host and peer (recommended): validates the domain and issuer of the SSL certificate';
$string['ssoaccesscontrol'] = 'SSO access control';
$string['ssoacldescr'] = 'Use this page to grant/deny access to specific users from remote MNet hosts. This is functional when you are offering SSO services to remote users. To control your <em>local</em> users\' ability to roam to other MNet hosts, use the roles system to grant them the <em>mnetlogintoremote</em> capability.';
$string['ssoaclneeds'] = 'For this functionality to work, you must have Networking on, plus the MNet authentication plugin enabled.';
@@ -244,6 +250,8 @@ $string['userchangepasswordlink'] = '<br /> You may be able to change your passw
$string['usernotfullysetup'] = 'Your user account is incomplete. You need to go <a href="{$a}">back to your provider</a> and ensure your profile is completed there. You may need to log out and in again for this to take effect.';
$string['usersareonline'] = 'Warning: {$a} users from that server are currently logged on to your site.';
$string['validated_by'] = 'It is validated by the network: <code>{$a}</code>';
+$string['verifyhostandpeer'] = 'Verify host and peer';
+$string['verifyhostonly'] = 'Verify host only';
$string['verifysignature-error'] = 'The signature verification failed. An error has occurred.';
$string['verifysignature-invalid'] = 'The signature verification failed. It appears that this payload was not signed by you.';
$string['version'] = 'Version';
diff --git a/lib/db/install.xml b/lib/db/install.xml
index 6a6c9e41b1f..59a8a7dc135 100644
--- a/lib/db/install.xml
+++ b/lib/db/install.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" ?>
-<XMLDB PATH="lib/db" VERSION="20141017" COMMENT="XMLDB file for core Moodle tables"
+<XMLDB PATH="lib/db" VERSION="20141117" COMMENT="XMLDB file for core Moodle tables"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../../lib/xmldb/xmldb.xsd"
>
@@ -1442,6 +1442,7 @@
<FIELD NAME="force_theme" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" SEQUENCE="false"/>
<FIELD NAME="theme" TYPE="char" LENGTH="100" NOTNULL="false" SEQUENCE="false"/>
<FIELD NAME="applicationid" TYPE="int" LENGTH="10" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
+ <FIELD NAME="sslverification" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" SEQUENCE="false"/>
</FIELDS>
<KEYS>
<KEY NAME="primary" TYPE="primary" FIELDS="id" COMMENT="primary key of the mnet_host table"/>
@@ -3081,4 +3082,4 @@
</KEYS>
</TABLE>
</TABLES>
-</XMLDB>
+</XMLDB>
\ No newline at end of file
diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php
index c9728de26b4..9c80f57e221 100644
--- a/lib/db/upgrade.php
+++ b/lib/db/upgrade.php
@@ -4058,5 +4058,21 @@ function xmldb_main_upgrade($oldversion) {
// Moodle v2.8.0 release upgrade line.
// Put any upgrade step following this.
+ if ($oldversion < 2014112001.00) {
+
+ // Define field sslverification to be added to mnet_host.
+ $table = new xmldb_table('mnet_host');
+ $field = new xmldb_field('sslverification', XMLDB_TYPE_INTEGER, '1', null, XMLDB_NOTNULL, null, '0', 'applicationid');
+
+ // Conditionally launch add field sslverification.
+ if (!$dbman->field_exists($table, $field)) {
+ $dbman->add_field($table, $field);
+ }
+
+ // Main savepoint reached.
+ upgrade_main_savepoint(true, 2014112001.00);
+ }
+
+
return true;
}
diff --git a/mnet/peer.php b/mnet/peer.php
index 5d8936b04cb..9f72e179853 100644
--- a/mnet/peer.php
+++ b/mnet/peer.php
@@ -12,6 +12,15 @@ require_once($CFG->libdir . '/filelib.php'); // download_file_content() used her
class mnet_peer {
+ /** No SSL verification. */
+ const SSL_NONE = 0;
+
+ /** SSL verification for host. */
+ const SSL_HOST = 1;
+
+ /** SSL verification for host and peer. */
+ const SSL_HOST_AND_PEER = 2;
+
var $id = 0;
var $wwwroot = '';
var $ip_address = '';
@@ -27,6 +36,9 @@ class mnet_peer {
var $error = array();
var $bootstrapped = false; // set when the object is populated
+ /** @var int $sslverification The level of SSL verification to apply. */
+ public $sslverification = self::SSL_HOST_AND_PEER;
+
function mnet_peer() {
return true;
}
@@ -192,6 +204,7 @@ class mnet_peer {
$obj->force_theme = $this->force_theme;
$obj->theme = $this->theme;
$obj->applicationid = $this->applicationid;
+ $obj->sslverification = $this->sslverification;
if (isset($this->id) && $this->id > 0) {
$obj->id = $this->id;
@@ -286,6 +299,7 @@ class mnet_peer {
$this->force_theme = $hostinfo->force_theme;
$this->theme = $hostinfo->theme;
$this->applicationid = $hostinfo->applicationid;
+ $this->sslverification = $hostinfo->sslverification;
$this->application = $DB->get_record('mnet_application', array('id'=>$this->applicationid));
$this->bootstrapped = true;
}
diff --git a/mnet/xmlrpc/client.php b/mnet/xmlrpc/client.php
index 39078d25be7..08414cf3153 100644
--- a/mnet/xmlrpc/client.php
+++ b/mnet/xmlrpc/client.php
@@ -368,8 +368,17 @@ class mnet_xmlrpc_client {
curl_setopt($httprequest, CURLOPT_POST, true);
curl_setopt($httprequest, CURLOPT_USERAGENT, 'Moodle');
curl_setopt($httprequest, CURLOPT_HTTPHEADER, array("Content-Type: text/xml charset=UTF-8"));
- curl_setopt($httprequest, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($httprequest, CURLOPT_SSL_VERIFYHOST, 0);
+
+ $verifyhost = 0;
+ $verifypeer = false;
+ if ($mnet_peer->sslverification == mnet_peer::SSL_HOST_AND_PEER) {
+ $verifyhost = 2;
+ $verifypeer = true;
+ } else if ($mnet_peer->sslverification == mnet_peer::SSL_HOST) {
+ $verifyhost = 2;
+ }
+ curl_setopt($httprequest, CURLOPT_SSL_VERIFYHOST, $verifyhost);
+ curl_setopt($httprequest, CURLOPT_SSL_VERIFYPEER, $verifypeer);
return $httprequest;
}
}
diff --git a/version.php b/version.php
index bc99b638e3b..e9bc7245ada 100644
--- a/version.php
+++ b/version.php
@@ -29,7 +29,7 @@
defined('MOODLE_INTERNAL') || die();
-$version = 2014112000.00; // YYYYMMDD = weekly release date of this DEV branch.
+$version = 2014112001.00; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.