|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72048 No way to disable peer name verification
Submitted: 2016-04-18 14:11 UTC Modified: -
Avg. Score:3.5 ± 0.8
Reproduced:16 of 17 (94.1%)
Same Version:10 (62.5%)
Same OS:8 (50.0%)
From: michal at cihar dot com Assigned:
Status: Open Package: MySQLi related
PHP Version: 7.0Git-2016-04-18 (Git) OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: michal at cihar dot com
New email:
PHP Version: OS:


 [2016-04-18 14:11 UTC] michal at cihar dot com
Currently the MySQLi driver only allows to validate SSL certificate and whether it matches provided CN or skip both of these. This leads to insecure setup in many cases as you have to disable SSL verification in order to workaround CN/hostname mismatch (which is quite usual with cloud providers as CN contains name of the instance and you connect using IP address, this is true for example for Google Cloud SQL), what makes using SSL pretty much useless as you're open to MITM attacks.

What is missing is separate control to disable only ssl.verify_peer_name as you still want to verify the server certificate.

See also


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-03-05 06:01 UTC] alivai1976 at gmail dot com
The following pull request has been associated:

Patch Name: Fix #79133 - Replace <literal> with <code>
On GitHub:
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sun Oct 25 13:01:23 2020 UTC