|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72048 No way to disable peer name verification
Submitted: 2016-04-18 14:11 UTC Modified: -
Avg. Score:3.4 ± 1.0
Reproduced:31 of 35 (88.6%)
Same Version:24 (77.4%)
Same OS:20 (64.5%)
From: michal at cihar dot com Assigned:
Status: Open Package: MySQLi related
PHP Version: 7.0Git-2016-04-18 (Git) OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
30 - 12 = ?
Subscribe to this entry?

 [2016-04-18 14:11 UTC] michal at cihar dot com
Currently the MySQLi driver only allows to validate SSL certificate and whether it matches provided CN or skip both of these. This leads to insecure setup in many cases as you have to disable SSL verification in order to workaround CN/hostname mismatch (which is quite usual with cloud providers as CN contains name of the instance and you connect using IP address, this is true for example for Google Cloud SQL), what makes using SSL pretty much useless as you're open to MITM attacks.

What is missing is separate control to disable only ssl.verify_peer_name as you still want to verify the server certificate.

See also


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-03-05 06:01 UTC] alivai1976 at gmail dot com
The following pull request has been associated:

Patch Name: Fix #79133 - Replace <literal> with <code>
On GitHub:
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Apr 17 01:01:29 2024 UTC