go to bug id or search bugs for
Currently the MySQLi driver only allows to validate SSL certificate and whether it matches provided CN or skip both of these. This leads to insecure setup in many cases as you have to disable SSL verification in order to workaround CN/hostname mismatch (which is quite usual with cloud providers as CN contains name of the instance and you connect using IP address, this is true for example for Google Cloud SQL), what makes using SSL pretty much useless as you're open to MITM attacks.
What is missing is separate control to disable only ssl.verify_peer_name as you still want to verify the server certificate.
See also https://bugs.php.net/bug.php?id=68344
Add a Patch
Add a Pull Request