Bug #71040 MySQLi does not provide way to disable peer certificate validation
Submitted: 2015-12-06 05:21 UTC
Modified: 2015-12-06 16:47 UTC
From: James dot Sanders at knightsforgod dot com
Assigned: ab
Status: Closed
Package: MySQLi related
PHP Version: 7.0.0
OS: N/A
Private report: No
CVE-ID: None
 [2015-12-06 05:21 UTC] James dot Sanders at knightsforgod dot com
Description:
------------
This is the same problem that has been solved in BUG #68344 for version 5.6.16.

Please provide a patch for 7.0.0 so we can utilize self-signed certificates.

Thank you.

Test script:
---------------
	Public Function Open() {
		
		// Set Access to Global Variables:
		Global $MySQLServer, $ApacheUserID, $ApachePasswd, $ApacheSchema;
		
		// Initialize Database Object:
		If (!$this -> MySQLi   = MySQLi_Init()) {
			
			// Output Error if initialization fails:
			Die("MySQLi_Init Failed to initialize Database Object.");
			
		} Else {
			
			// Set SSL Connection Parameters:
			MySQLi_SSL_Set($this -> MySQLi , 'client-key.pem', 'client-cert.pem', 'ca.pem', NULL, NULL);
			MySQLi_Options($this -> MySQLi , MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, False);
			
		}
		
		// Connect to Database for Editing (keep the result: the handle from MySQLi_Init() is always truthy):
		$Connected = MySQLi_Real_Connect($this -> MySQLi , $MySQLServer, $ApacheUserID, $ApachePasswd, $ApacheSchema, 3306, NULL, MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
		
		// Verify Connection & Return Status:
		If ($Connected) {
			
			// Set SSL Status in Private Variable:
			$SQL = "SHOW STATUS LIKE 'Ssl_cipher';";
			$Result = $this -> MySQLi -> Query($SQL) Or Die($this -> MySQLi -> Error.__LINE__);
			If($Result -> num_rows > 0) {
				While($Row = $Result->Fetch_Assoc()) {
					If (!IsSet($_SESSION['WebUser']['SSLStatus'])) {
						
						$this -> SSLStatus = $Row['Variable_name'].": {".$Row['Value']."}";
						
					}
				}
			} Else {
				$this -> SSLStatus = "None";
			}
			
			// Return Status:
			Return True;
			
		} Else {
			
			// Check Connection Status:
			If (mysqli_connect_errno()) {
				print_r(openssl_get_cert_locations());
				Die ('Connect error ('.mysqli_connect_errno().'): '.mysqli_connect_error()."\n");
				Exit();
				
			}
			
			// Return Status:
			Return False;
			
		}
		
	}

Expected result:
----------------
I expect the connection to return successful using self-signed certificates.

Actual result:
--------------
Warning: mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in D:\Apache\htdocs\Secure\Sessions.php on line 559

 [2015-12-06 16:47 UTC] ab@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: ab
 [2015-12-06 16:47 UTC] ab@php.net
Thanks for the report. The fix is under way into the next 7.0 version. See also bug #71004.

Thanks.
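
An added PHP example, not part of the bug thread or of PHP's own code: a connection helper that keeps server certificate verification on by default, makes the opt-out requested in this report an explicit argument, and checks Ssl_cipher the way the test script does. The function names and the $cfg keys are hypothetical.

```php
<?php
// Added example. Host, credentials and PEM paths in $cfg are placeholders
// supplied by the caller; none of them come from the bug report.
mysqli_report(MYSQLI_REPORT_OFF); // report failures through return values

function tls_connect_flags(bool $verifyPeer): int
{
    if ($verifyPeer) {
        return MYSQLI_CLIENT_SSL;
    }
    // If this build does not define the opt-out flag, stop instead of
    // connecting with different semantics than the caller asked for.
    if (!defined('MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT')) {
        throw new RuntimeException('This PHP build cannot skip server certificate verification');
    }
    return MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
}

function open_tls_connection(array $cfg, bool $verifyPeer = true): mysqli
{
    $db = mysqli_init();
    if ($db === false) {
        throw new RuntimeException('mysqli_init() failed');
    }
    // 'ca' is the trust anchor the server certificate is checked against
    // while verification is on; 'key' and 'cert' are the client's own pair.
    $db->ssl_set($cfg['key'] ?? null, $cfg['cert'] ?? null, $cfg['ca'] ?? null, null, null);

    $ok = $db->real_connect(
        $cfg['host'], $cfg['user'], $cfg['pass'], $cfg['schema'],
        $cfg['port'] ?? 3306, null, tls_connect_flags($verifyPeer)
    );
    if (!$ok) {
        throw new RuntimeException(
            'Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error()
        );
    }

    // An empty Ssl_cipher value means the session is not encrypted.
    $result = $db->query("SHOW STATUS LIKE 'Ssl_cipher'");
    $row = $result ? $result->fetch_assoc() : null;
    if (empty($row['Value'])) {
        $db->close();
        throw new RuntimeException('Connection established without TLS');
    }
    return $db;
}
```

Passing false for $verifyPeer still encrypts the session but no longer authenticates the server, so it is best kept to hosts where the network path is already trusted.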