PHP72: Exceptions if php-openssl isn't installed

[Niduroki]

When using PHP72 sessions blow up.
When the session cookie (instance-id) is set you get an exception.
The DAV client still works though (since it doesn't use sessions I suppose).

{"reqId":"XYZ","level":3,"time":"…","remoteAddr":"…","user":"--","app":"PHP","method":"GET","url":"\/index.php\/login","message":"Function create_function() is deprecated at /owncloud/lib/composer/phpseclib/phpseclib/phpseclib/Crypt/Base.php#2495"}

{"reqId":"XYZ","level":3,"time":"…","remoteAddr":"…","user":"--","app":"PHP","method":"GET","url":"\/index.php\/login","message":"ini_set(): A session is active. You cannot change the session module's ini settings at this time at /owncloud/lib/base.php#596"}

{"reqId":"XYZ","level":3,"time":"…","remoteAddr":"…","user":"--","app":"index","method":"GET","url":"\/index.php\/login","message":"Exception:
{\"Exception\":\"Exception\",
\"Message\":"Session has been closed - no further changes to the session are allowed",
\"Code\":0,\"Trace\":\"
#0 /owncloud/lib/private/Session/Memory.php(52): OC\Session\Memory->validateSession()
#1 /owncloud/lib/private/Security/CSRF/TokenStorage/SessionStorage.php(63): OC\Session\Memory->set('requesttoken', 'R51xt2JdLRCLhvq...')
#2 /owncloud/lib/private/Security/CSRF/CsrfTokenManager.php(57): OC\Security\CSRF\TokenStorage\SessionStorage->setToken('R51xt2JdLRCLhvq...')
#3 /owncloud/lib/public/Util.php(511): OC\Security\CSRF\CsrfTokenManager->getToken(*** sensitive parameters replaced ***)
#4 /owncloud/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php(139): OC\Util::callRegister()
#5 /owncloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php(93): OC\AppFramework\Middleware\Security\SecurityMiddleware->beforeController(Object(OC\Core\Controller\LoginController), 'showLoginForm')
#6 /owncloud/lib/private/AppFramework/Http/Dispatcher.php(88): OC\AppFramework\Middleware\MiddlewareDispatcher->beforeController(Object(OC\Core\Controller\LoginController), 'showLoginForm')
#7 /owncloud/lib/private/AppFramework/App.php(103): OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Core\Controller\LoginController), 'showLoginForm')
#8 /owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(46): OC\AppFramework\App::main('LoginController', 'showLoginForm', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#9 [internal function]: OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
#10 /owncloud/lib/private/Route/Router.php(342): call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
#11 /owncloud/lib/base.php(913): OC\Route\Router->match('/login')
#12 /owncloud/index.php(55): OC::handleRequest()
#13 {main}
\",\"File\":"/owncloud/lib/private/Session/Memory.php","Line":119}"}

If I remove the "Session closed" line in /lib/private/Session/Memory.php#119 I instead get a CSRF error "You took too long to log in" message, when trying to log in (but no exception, at least).

Everything works fine with php 7.1.13.

Server configuration

Operating system:
openSUSE rolling release

Web server:
nginx 1.12.1

Database:
postgres 10.1

PHP version:
PHP 7.2.1

ownCloud version: (see ownCloud admin page)
10.0.6.1

Updated from an older ownCloud or fresh install:
updated

Where did you install ownCloud from:
owncloud.org ZIP

The content of config/config.php:

$CONFIG = array (
  'datadirectory' => '/home/http/owncloud/data',
  'dbtype' => 'pgsql',
  'version' => '10.0.6.1',
  'installed' => true,
  'appstoreenabled' => true,
  'forcessl' => true,
  'maxZipInputSize' => 419430400,
  'allowZipDownload' => true,
'trusted_domains' =>
  array (
    0 => '…',
    1 => '…',
  ),
  'theme' => '',
  'maintenance' => false,
  'trashbin_retention_obligation' => 'auto',
  'appstore.experimental.enabled' => false,
  'mail_smtpmode' => 'php',
  'htaccess.RewriteBase' => '/',
  'singleuser' => false,
);

List of activated apps:

Enabled:
  - calendar: 1.5.4
  - comments: 0.3.0
  - configreport: 0.1.1
  - contacts: 1.5.3
  - dav: 0.3.2
  - federatedfilesharing: 0.3.1
  - federation: 0.1.0
  - files: 1.5.1
  - files_external: 0.7.1
  - files_pdfviewer: 0.8.2
  - files_sharing: 0.10.1
  - files_texteditor: 2.2.1
  - files_trashbin: 0.9.1
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 16.0.2
  - market: 0.2.3
  - notifications: 0.3.2
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.2
  - updatenotification: 0.2.1
Disabled:
  - encryption
  - external
  - theme-example
  - user_external

[tomneedham]

@Kondou-ger can you please test #30141 to see if this resolves the issue for you Thanks.

My bad. I think this is a different issue. My PR just corrects the exception type so that it is caught in certain circumstances, but I think this is different.

[patrickjahns]

@Kondou-ger
Can you check that you have openssl extension for php7.2 installed and properly setup

[Niduroki]

@patrickjahns That was it!

What a mean way of telling you "Please install the php-openssl extension".
ownCloud should definitely check for the openssl extension being installed, and if it's not, show a message like it's done with php-intl and so on.

[patrickjahns]

ownCloud should definitely check for the openssl extension being installed, and if it's not, show a message like it's done with php-intl and so on.

In php7.2 a couple of things with packages changed - need to see if we can reliably check that this is missing in installations with < php7.2

[patrickjahns]

@Kondou-ger
could you do us the favor and check if extension_loaded('openssl') would fail in your environment if you disable the extension again ?

[Niduroki]

@patrickjahns
Works as expected.
With the openssl-extension removed, extension_loaded('openssl') returns false, enabled it returns true.

[ownclouders]

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

[PVince81]

Do I understand it correctly that PHP 7.2 doesn't use openssl any more and moved to some other lib ? If yes, then it makes sense to not enforce openssl any more with hard-coded checks.

[patrickjahns]

Libsodium replace mcrypt

[crrodriguez]

openssl is still cool, mcrypt is not.

[patrickjahns]

What would we need to do, to better address this issue? Prevent installation if library is not available ?

[PVince81]

documentation not enough ? owncloud-archive/documentation#4422

[DeepDiver1975]

As pointed out in my blog post: double check that all required modules are installed.
The server itself has no understanding when the underlying php run time is upgraded.

Closed therefor

[DeepDiver1975]

https://owncloud.org/news/owncloud-10-0-10-adds-support-php-7-2/