From 8292260515a904b4d515484145c78f33a06ae1ae Mon Sep 17 00:00:00 2001
From: Andrey Hristov <andrey@php.net>
Date: Wed, 21 Oct 2015 15:10:24 +0200
Subject: Fix for Bug #68344 	MySQLi does not provide way to disable peer
 certificate validation

---
 ext/mysqlnd/mysqlnd_net.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'ext/mysqlnd/mysqlnd_net.c')

diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 69f4b7a54a..4cbe9deb29 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -901,6 +901,12 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
 		zval verify_peer_zval;
 		ZVAL_TRUE(&verify_peer_zval);
 		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
+		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
+	} else {
+		zval verify_peer_zval;
+		ZVAL_FALSE(&verify_peer_zval);
+		php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
+		php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
 	}
 	if (net->data->options.ssl_cert) {
 		zval cert_zval;
@@ -918,7 +924,7 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
 	if (net->data->options.ssl_capath) {
 		zval capath_zval;
 		ZVAL_STRING(&capath_zval, net->data->options.ssl_capath, 0);
-		php_stream_context_set_option(context, "ssl", "cafile", &capath_zval);
+		php_stream_context_set_option(context, "ssl", "capath", &capath_zval);
 	}
 	if (net->data->options.ssl_passphrase) {
 		zval passphrase_zval;
-- 
cgit v1.2.1