php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #71040 MySQLi does not provide way to disable peer certificate validation
Submitted: 2015-12-06 05:21 UTC Modified: 2015-12-06 16:47 UTC
From: James dot Sanders at knightsforgod dot com Assigned: ab (profile)
Status: Closed Package: MySQLi related
PHP Version: 7.0.0 OS: N/A
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: James dot Sanders at knightsforgod dot com
New email:
PHP Version: OS:

 

 [2015-12-06 05:21 UTC] James dot Sanders at knightsforgod dot com
Description:
------------
This is the same problem that has been solved in BUG #68344 for version 5.6.16.

Please provide patch to 7.0.0 so we can utilize self-signed certificates.

Thank you.

Test script:
---------------
	Public Function Open() {
		
		// Set Access to Global Variables:
		Global $MySQLServer, $ApacheUserID, $ApachePasswd, $ApacheSchema;
		
		// Initialize Database Object:
		If (!$this -> MySQLi   = MySQLi_Init()) {
			
			// Output Error if initialization fails:
			Die("MySQLi_Init Failed to initialize Database Object.");
			
		} Else {
			
			// Set SSL Connection Paramaters:
			MySQLi_SSL_Set($this -> MySQLi , 'client-key.pem', 'client-cert.pem', 'ca.pem', NULL, NULL);
			MySQLi_Options($this -> MySQLi , MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, False);
			
		}
		
		// Connect to Database for Editing:
		MySQLi_Real_Connect($this -> MySQLi , $MySQLServer, $ApacheUserID, $ApachePasswd, $ApacheSchema, 3306, NULL, MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
		
		// Verify Connection & Return Status:
		If ($this -> MySQLi) {
			
			// Set SSL Status in Private Variable:
			$SQL = "SHOW STATUS LIKE 'Ssl_cipher';";
			$Result = $this -> MySQLi -> Query($SQL) Or Die($this -> MySQLi -> Error.__LINE__);
			If($Result -> num_rows > 0) {
				While($Row = $Result->Fetch_Assoc()) {
					If (!IsSet($_SESSION['WebUser']['SSLStatus'])) {
						
						$this -> SSLStatus = $Row['Variable_name'].": {".$Row['Value']."}";
						
					}
				}
			} Else {
				$this -> SSLStatus = "None";
			}
			
			// Return Status:
			Return True;
			
		} Else {
			
			// Check Connection Status:
			If (mysqli_connect_errno()) {
				print_r(openssl_get_cert_locations());
				Die ('Connect error ('.mysqli_connect_errno().'): '.mysqli_connect_error()."\n");
				Exit();
				
			}
			
			// Return Status:
			Return False;
			
		}
		
	}

Expected result:
----------------
I expect the connection to return successful using self-signed certificates.

Actual result:
--------------
Warning: mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in D:\Apache\htdocs\Secure\Sessions.php on line 559

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-06 16:47 UTC] ab@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: ab
 [2015-12-06 16:47 UTC] ab@php.net
Thanks for the report. The fix is under way into the next 7.0 version. See also bug #71004;

Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC