MDL-45981 auth_cas: add suport to SSL3 on CAS.

This patch gives the user the option of specifying which SSL version PHPCAS/cURL should use.

auth/cas/auth.php

@@ -183,6 +183,11 @@ function connectCAS() {
             } else {
                 phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
             }
+            //Some CAS installs require SSLv3, etc be explicitly set.
+            if (!empty($this->config->curl_ssl_version)) {
+                phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION,$this->config->curl_ssl_version);
+            }
+
             $connected = true;
         }
 
@@ -302,6 +307,9 @@ function process_config($config) {
         if (!isset($config->certificate_path)) {
             $config->certificate_path = '';
         }
+        if (!isset($config->curl_ssl_version)) {
+            $config->curl_ssl_version = '';
+        }
         if (!isset($config->logout_return_url)) {
             $config->logout_return_url = '';
         }
@@ -374,6 +382,7 @@ function process_config($config) {
         set_config('multiauth', $config->multiauth, $this->pluginconfig);
         set_config('certificate_check', $config->certificate_check, $this->pluginconfig);
         set_config('certificate_path', $config->certificate_path, $this->pluginconfig);
+        set_config('curl_ssl_version', $config->curl_ssl_version, $this->pluginconfig);
         set_config('logout_return_url', $config->logout_return_url, $this->pluginconfig);
 
         // save LDAP settings

auth/cas/config.html

@@ -33,6 +33,9 @@
 if (!isset ($config->certificate_path)) {
     $config->certificate_path = '';
 }
+if (!isset ($config->curl_ssl_version)) {
+    $config->curl_ssl_version = '';
+}
 if (!isset($config->logout_return_url)) {
     $config->logout_return_url = '';
 }
@@ -216,6 +219,16 @@ <h4><?php print_string('auth_cas_server_settings', 'auth_cas') ?></h4>
         <?php print_string('auth_cas_certificate_path', 'auth_cas') ?>
     </td>
 </tr>
+<tr valign="top" class="required">
+    <td align="right"><label for="curl_ssl_version"><?php print_string('auth_cas_curl_ssl_version_key', 'auth_cas') ?>: </label></td>
+    <td>
+        <input name="curl_ssl_version" id="curl_ssl_version" type="text" size="3" value="<?php echo $config->curl_ssl_version ?>" />
+        <?php if (isset($err['curl_ssl_version'])) echo $OUTPUT->error_text($err['curl_ssl_version']); ?>
+    </td>
+    <td>
+        <?php print_string('auth_cas_curl_ssl_version', 'auth_cas') ?>
+    </td>
+</tr>
 <tr valign="top" class="required">
     <td align="right"><?php print_string('auth_cas_logout_return_url_key', 'auth_cas') ?>:</td>
     <td>

auth/cas/lang/en/auth_cas.php

@@ -35,6 +35,8 @@
 $string['auth_cas_certificate_check_key'] = 'Server validation';
 $string['auth_cas_certificate_path'] = 'Path of the CA chain file (PEM Format) to validate the server certificate';
 $string['auth_cas_certificate_path_key'] = 'Certificate path';
+$string['auth_cas_curl_ssl_version'] = 'The SSL version (2 or 3) to use. By default PHP will try to determine this itself, although in some cases this must be set manually.';
+$string['auth_cas_curl_ssl_version_key'] = 'cURL SSL Version';
 $string['auth_cas_create_user'] = 'Turn this on if you want to insert CAS-authenticated users in Moodle database. If not then only users who already exist in the Moodle database can log in.';
 $string['auth_cas_create_user_key'] = 'Create user';
 $string['auth_casdescription'] = 'This method uses a CAS server (Central Authentication Service) to authenticate users in a Single Sign On environment (SSO). You can also use a simple LDAP authentication. If the given username and password are valid according to CAS, Moodle creates a new user entry in its database, taking user attributes from LDAP if required. On following logins only the username and password are checked.';