authorAndrey Hristov <andrey@php.net>2015-10-21 15:10:24 +0200
committerAndrey Hristov <andrey@php.net>2015-10-21 15:10:24 +0200
commit8292260515a904b4d515484145c78f33a06ae1ae (patch)
tree3179a478bc61c2251008fccf9b8a418de2915853
parentefd2b3f5f2943884507a33f6726703bd2200aad6 (diff)
Fix for Bug #68344 MySQLi does not provide way to disable peer certificate validation
-rw-r--r--ext/mysqli/tests/bug51647.phpt40
-rw-r--r--ext/mysqlnd/mysqlnd_net.c8
2 files changed, 47 insertions, 1 deletions
diff --git a/ext/mysqli/tests/bug51647.phpt b/ext/mysqli/tests/bug51647.phpt
index 78540f1c33..349d6dbbb0 100644
--- a/ext/mysqli/tests/bug51647.phpt
+++ b/ext/mysqli/tests/bug51647.phpt
@@ -65,9 +65,43 @@ $link->close();
} else {
if (!$row = $res->fetch_assoc())
printf("[006] [%d] %s\n", $link->errno, $link->error);
+ if (!strlen($row["Value"]))
+ printf("[007] Empty cipher. No encrytion!");
}
var_dump($row);
+ $link->close();
+
+ if (!is_object($link = mysqli_init()))
+ printf("[008] Cannot create link\n");
+
+ if (!my_mysqli_real_connect($link, $host, $user, $passwd, $db, $port, $socket, MYSQLI_CLIENT_SSL)) {
+ printf("[009] Connect failed, [%d] %s\n", mysqli_connect_errno(), mysqli_connect_error());
+ }
+
+ if (!$res = $link->query('SHOW STATUS like "Ssl_cipher"')) {
+ if (1064 == $link->errno) {
+ /* ERROR 1064 (42000): You have an error in your SQL syntax; = sql strict mode */
+ if ($res = $link->query("SHOW STATUS")) {
+ while ($row = $res->fetch_assoc())
+ if ($row['Variable_name'] == 'Ssl_cipher')
+ break;
+ } else {
+ printf("[010] [%d] %s\n", $link->errno, $link->error);
+ }
+ } else {
+ printf("[011] [%d] %s\n", $link->errno, $link->error);
+ }
+ } else {
+ if (!$row = $res->fetch_assoc())
+ printf("[012] [%d] %s\n", $link->errno, $link->error);
+ if (!strlen($row["Value"]))
+ printf("[013] Empty cipher. No encrytion!");
+ }
+
+ var_dump($row);
+
+ $link->close();
print "done!";
?>
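Review bot: The new second-connection block only checks that `Ssl_cipher` is non-empty, which shows the session is encrypted but not whether the server certificate was validated or skipped, the behaviour this commit is about. A companion case that requests verification against a certificate that should not validate, and expects the connect to fail, would pin that down; what `my_mysqli_real_connect` adds to the flags is not visible here. Separately, `if (!strlen($row["Value"]))` at [007] and [013] runs even when `fetch_assoc()` returned nothing, because the unbraced `if` above it guards only its own `printf`, and the 1064 fallback path never performs the empty-cipher check at all. The two new messages also misspell "encryption" and lack a trailing `\n`.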
@@ -78,4 +112,10 @@ array(2) {
["Value"]=>
string(%d) "%S"
}
+array(2) {
+ ["Variable_name"]=>
+ string(10) "Ssl_cipher"
+ ["Value"]=>
+ string(%d) "%S"
+}
done!
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 69f4b7a54a..4cbe9deb29 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -901,6 +901,12 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
zval verify_peer_zval;
ZVAL_TRUE(&verify_peer_zval);
php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
+ php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
+ } else {
+ zval verify_peer_zval;
+ ZVAL_FALSE(&verify_peer_zval);
+ php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
+ php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
}
if (net->data->options.ssl_cert) {
zval cert_zval;
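Review bot: The added `else` branch writes `verify_peer` and `verify_peer_name` as false whenever the guarding condition is not met, so a caller that never stated a preference gets the same unauthenticated TLS session as one that asked to skip validation. The `if` condition sits above the hunk, so this is inferred: if it tests a plain boolean option, unset and explicitly disabled cannot be told apart, and the default becomes encryption without server authentication, which leaves the connection open to interception. I would make the setting tri-state and force false only on an explicit opt-out, leaving the stream context defaults in place otherwise. At minimum the branch deserves a comment such as `/* peer and host name checks disabled: session is encrypted but the server is not authenticated */`. enable_ssl's body starts and ends outside the hunk.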
@@ -918,7 +924,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
if (net->data->options.ssl_capath) {
zval capath_zval;
ZVAL_STRING(&capath_zval, net->data->options.ssl_capath, 0);
- php_stream_context_set_option(context, "ssl", "cafile", &capath_zval);
+ php_stream_context_set_option(context, "ssl", "capath", &capath_zval);
}
if (net->data->options.ssl_passphrase) {
zval passphrase_zval;
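Review bot: This key correction is a separate fix from the bug named in the commit title and is not mentioned in the description, so it is easy to miss when reviewing or backporting. Before the change a configured `ssl_capath` was stored under the `cafile` key; if the CA file option is set earlier in the function (not visible here), the directory path would have replaced it. A line in the commit message and a test that connects with only a CA directory configured would document the fix. enable_ssl's body continues outside the hunk.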