Monday, February 15, 2016

TurnitinTwo Issues with Moodle 3 on CentOS 6

I recently stumbled upon a Turnitin bug on my Moodle 3 environment where it was simply failing to connect with Turnitin through the configuration interface.


The message was fairly cryptic and the logs even more so.

The error message was simply: "Could not connect to Turnitin, Double check your API URL setting". This was fine, so I looked at the API log, which indicated a "Curl error: Proxy CONNECT aborted", alongside an error 502.


When Turnitin was contacted, they gave this response, which did not work.
If you encounter connectivity issues while using the Turnitin Moodle Direct V2 integration (error: Turnitin API Base URL incorrect or unavailable, or error: Double check your API URL setting) this could be related to a CA certificate being unavailable to cURL. Viewing the Turnitin Apilog files will identify if this is the case.

The Moodle Direct plugin uses the server operating system's implementation of cURL. If cURL has an out of date (or no) CA certificates, the interaction with Turnitin will fail due to cURL performing peer SSL certificate verification and not being able to verify the Turnitin SSL certificate. Until cURL 7.18.0 some CA certificates were provided, but after 7.18.0 no CA certificates have been provided at all. Because of this, the Moodle server administrator would need to ensure that an up to date CA certificate bundle is used.

For Debian and RedHat based distributions:
CA certificates are distributed in the ca-certificates package. Gentoo servers provide them via the app-misc/ca-certificates ebuild. It's also a good idea to make sure that the OpenSSL libraries (libssl) and cURL libraries (libcurl) are up to date on your server.

You will also need to place a file with the Bundle of CA Root Certificates (downloadable from
http://curl.haxx.se/ca/cacert.pem) on your webserver and make a curl.cainfo reference to this file in your php.ini.

For Windows based servers:

1. You need to be running PHP 5.3.7 or later.
2. Download
https://raw.github.com/bagder/curl/master/lib/mk-ca-bundle.vbs
from the Curl repository on GitHub.
3. Open a Command Prompt as Administrator and go to the directory in which you downloaded mk-ca-bundle.vbs .
4. Run mk-ca-bundle.vbs . Accept the default file name and do not include the text information for each certificate.
5. After running this you will end up with a file ca-bundle.crt.
6. Copy that to a known location, e.g. {path}/ca-bundle.crt.
7. Add curl.cainfo={path}/ca-bundle.crt to php.ini. See PHP Runtime Configuration for more details
[PHP]
;;;;;;;;;;;;;;;;;;;
; CURL Settings ;
;;;;;;;;;;;;;;;;;;;
curl.cainfo={path}/ca-bundle.crt
8. Restart the IIS web site
We were eventually able to resolve the issue by a combination of factors:

1. In addition to having an http_proxy environment variable in the operating system, I also needed to explicitly set an https_proxy. This is dependent on if your server currently uses an http_proxy environment variable. Do not make any changes if your server can access the web directly.


vi /etc/bashrc
add linesexport http_proxy=’http://yourproxyip:port/’ export https_proxy=’http://yourproxyip:port/’ save and exit shell

2. The CA-Certificates bundle from curl.hexx.se did not work and resulted in a bunch of errors related to the SSL CA Cert (Message: Problem with the SSL CA cert (path? access rights?)) , so I re-installed the ca-certificates bundle from CentOS repositories.
yum reinstall ca-certificates openssl
3. I then used the “update-ca-trust” package to update the certificate store.
update-ca-trust
4. I removed the Moodle Proxy configuration from the Moodle application interface.
    Dashboard / ► Site administration / ► Server / ► HTTP (Server Proxy section)


Please note that these steps fixed the issue with my particular environment, if you are faced with similar issues I'd suggest starting with steps 2 and 3. If you are having proxy connect issues beforehand, you may try step 1 first.

Good luck and happy moodling!

-Noveck