Bug #71040 MySQLi does not provide way to disable peer certificate validation
Submitted: 2015-12-06 05:21 UTC
Modified: 2015-12-06 16:47 UTC
From: James dot Sanders at knightsforgod dot com
Assigned: ab
Status: Closed
Package: MySQLi related
PHP Version: 7.0.0
OS: N/A
Private report: No
CVE-ID: None
 [2015-12-06 05:21 UTC] James dot Sanders at knightsforgod dot com
Description:
------------
This is the same problem that has been solved in BUG #68344 for version 5.6.16.

Please provide patch to 7.0.0 so we can utilize self-signed certificates.

Thank you.

Test script:
---------------
	Public Function Open() {
		
		// Set Access to Global Variables:
		Global $MySQLServer, $ApacheUserID, $ApachePasswd, $ApacheSchema;
		
		// Initialize Database Object:
		If (!$this -> MySQLi   = MySQLi_Init()) {
			
			// Output Error if initialization fails:
			Die("MySQLi_Init Failed to initialize Database Object.");
			
		} Else {
			
			// Set SSL Connection Parameters:
			MySQLi_SSL_Set($this -> MySQLi , 'client-key.pem', 'client-cert.pem', 'ca.pem', NULL, NULL);
			MySQLi_Options($this -> MySQLi , MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, False);
			
		}
		
		// Connect to Database for Editing (keep the result; the MySQLi object itself is always truthy):
		$Connected = MySQLi_Real_Connect($this -> MySQLi , $MySQLServer, $ApacheUserID, $ApachePasswd, $ApacheSchema, 3306, NULL, MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
		
		// Verify Connection & Return Status:
		If ($Connected) {
			
			// Set SSL Status in Private Variable:
			$SQL = "SHOW STATUS LIKE 'Ssl_cipher';";
			$Result = $this -> MySQLi -> Query($SQL) Or Die($this -> MySQLi -> Error.__LINE__);
			If($Result -> num_rows > 0) {
				While($Row = $Result->Fetch_Assoc()) {
					If (!IsSet($_SESSION['WebUser']['SSLStatus'])) {
						
						$this -> SSLStatus = $Row['Variable_name'].": {".$Row['Value']."}";
						
					}
				}
			} Else {
				$this -> SSLStatus = "None";
			}
			
			// Return Status:
			Return True;
			
		} Else {
			
			// Check Connection Status:
			If (mysqli_connect_errno()) {
				print_r(openssl_get_cert_locations());
				Die ('Connect error ('.mysqli_connect_errno().'): '.mysqli_connect_error()."\n");
				Exit();
				
			}
			
			// Return Status:
			Return False;
			
		}
		
	}

Expected result:
----------------
I expect the connection to return successful using self-signed certificates.

Actual result:
--------------
Warning: mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in D:\Apache\htdocs\Secure\Sessions.php on line 559

 [2015-12-06 16:47 UTC] ab@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: ab
 [2015-12-06 16:47 UTC] ab@php.net
Thanks for the report. The fix is under way into the next 7.0 version. See also bug #71004.

Thanks.
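
An added example (not from the report or the PHP project) of a connection helper that keeps server certificate verification on by default and makes the `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT` opt-out from the test script explicit. The function name and the `$cfg` keys are assumptions; verified mode assumes `ca.pem` is the CA that issued the server's certificate.

```php
<?php
// Added example: hypothetical helper, not code from the bug report or from PHP itself.
// $cfg keys (host, user, pass, schema, key, cert, ca) are assumed names.
function openTlsConnection(array $cfg, bool $verifyServerCert = true): mysqli
{
    $flags = MYSQLI_CLIENT_SSL;
    if (!$verifyServerCert) {
        // Opt-out flag used in the test script; a build without it cannot skip verification.
        if (!defined('MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT')) {
            throw new RuntimeException('This PHP build cannot skip server certificate verification');
        }
        // Traffic stays encrypted, but the server's identity is no longer checked.
        $flags |= MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
    }

    $link = mysqli_init();
    if ($link === false) {
        throw new RuntimeException('mysqli_init() failed');
    }

    // With verification on, 'ca' is the trust anchor for a self-signed setup.
    mysqli_ssl_set($link, $cfg['key'], $cfg['cert'], $cfg['ca'], null, null);

    // Test the return value: the mysqli object is truthy even when the connect fails.
    // (Depending on the mysqli report mode, a failure may throw instead of returning false.)
    if (!mysqli_real_connect($link, $cfg['host'], $cfg['user'], $cfg['pass'],
                             $cfg['schema'], 3306, null, $flags)) {
        throw new RuntimeException(
            'Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error()
        );
    }

    // Confirm the session is really encrypted: Ssl_cipher is empty on a plaintext session.
    $result = $link->query("SHOW STATUS LIKE 'Ssl_cipher'");
    $row = $result ? $result->fetch_assoc() : null;
    if (empty($row['Value'])) {
        $link->close();
        throw new RuntimeException('Connected, but the session is not using TLS');
    }

    return $link;
}
```

Calling `openTlsConnection($cfg)` verifies the server certificate against `$cfg['ca']`; passing `false` as the second argument reproduces the unverified connection the report asks for.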
 