diff options
| author | Andrey Hristov <andrey@php.net> | 2015-10-22 11:48:53 +0200 |
|---|---|---|
| committer | Andrey Hristov <andrey@php.net> | 2015-10-22 11:48:53 +0200 |
| commit | afd31489d0d9999f701467e99ef2b40794eed196 (patch) | |
| tree | 74cfa92c20dd0b14058ef7286bc8057c2001e971 | |
| parent | 8292260515a904b4d515484145c78f33a06ae1ae (diff) | |
| download | php-git-afd31489d0d9999f701467e99ef2b40794eed196.tar.gz | |
Improve fix for Bug #68344 MySQLi does not provide way to disable peer certificate validation
| -rw-r--r-- | ext/mysqli/mysqli.c | 3 | ||||
| -rw-r--r-- | ext/mysqli/tests/mysqli_constants.phpt | 3 | ||||
| -rw-r--r-- | ext/mysqlnd/mysqlnd_net.c | 9 |
3 files changed, 8 insertions, 7 deletions
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c index e028d60ab0..198ed83116 100644 --- a/ext/mysqli/mysqli.c +++ b/ext/mysqli/mysqli.c @@ -715,6 +715,9 @@ PHP_MINIT_FUNCTION(mysqli) REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_IGNORE_SPACE", CLIENT_IGNORE_SPACE, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_NO_SCHEMA", CLIENT_NO_SCHEMA, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_FOUND_ROWS", CLIENT_FOUND_ROWS, CONST_CS | CONST_PERSISTENT); +#ifdef CLIENT_SSL_VERIFY_SERVER_CERT + REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT", CLIENT_SSL_VERIFY_SERVER_CERT, CONST_CS | CONST_PERSISTENT); +#endif #if (MYSQL_VERSION_ID >= 50611 && defined(CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS)) || defined(MYSQLI_USE_MYSQLND) REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS", CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("MYSQLI_OPT_CAN_HANDLE_EXPIRED_PASSWORDS", MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS, CONST_CS | CONST_PERSISTENT); diff --git a/ext/mysqli/tests/mysqli_constants.phpt b/ext/mysqli/tests/mysqli_constants.phpt index dd0f769e91..1cb31cc2a7 100644 --- a/ext/mysqli/tests/mysqli_constants.phpt +++ b/ext/mysqli/tests/mysqli_constants.phpt @@ -136,6 +136,9 @@ require_once('skipifconnectfailure.inc'); $expected_constants['MYSQLI_SERVER_QUERY_WAS_SLOW'] = true; } + if ($version >= 50033 || $IS_MYSQLND) { + $expected_constants['MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT'] = true; + } /* First introduced in MySQL 6.0, backported to MySQL 5.5 */ if ($version >= 50606 || $IS_MYSQLND) { diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c index 4cbe9deb29..7b164ac294 100644 --- a/ext/mysqlnd/mysqlnd_net.c +++ b/ext/mysqlnd/mysqlnd_net.c @@ -897,14 +897,9 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC) ZVAL_STRING(&key_zval, net->data->options.ssl_key, 0); php_stream_context_set_option(context, "ssl", "local_pk", &key_zval); } - if (net->data->options.ssl_verify_peer) { - zval verify_peer_zval; - ZVAL_TRUE(&verify_peer_zval); - php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval); - php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval); - } else { + { zval verify_peer_zval; - ZVAL_FALSE(&verify_peer_zval); + ZVAL_BOOL(&verify_peer_zval, net->data->options.ssl_verify_peer); php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval); php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval); } |