Bug #72048 No way to disable peer name verification
Submitted: 2016-04-18 14:11 UTC Modified: -
Votes:57
Avg. Score:3.4 ± 1.0
Reproduced:31 of 35 (88.6%)
Same Version:24 (77.4%)
Same OS:20 (64.5%)
From: michal at cihar dot com Assigned:
Status: Open Package: MySQLi related
PHP Version: 7.0Git-2016-04-18 (Git) OS:
Private report: No CVE-ID: None
 [2016-04-18 14:11 UTC] michal at cihar dot com
Description:
------------
Currently the MySQLi driver only allows you to either validate the SSL certificate together with whether it matches the provided CN, or skip both of these. This leads to an insecure setup in many cases, as you have to disable SSL verification in order to work around a CN/hostname mismatch (which is quite usual with cloud providers, as the CN contains the name of the instance and you connect using an IP address; this is true for example for Google Cloud SQL), which makes using SSL pretty much useless as you're open to MITM attacks.

What is missing is a separate control to disable only ssl.verify_peer_name, as you still want to verify the server certificate.

See also https://bugs.php.net/bug.php?id=68344
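
The two modes the report describes, as an added example (not code from the report or from PHP itself). connect_mysql_tls() is a hypothetical helper; the host, credentials and CA path are placeholders, and the mysqlnd driver is assumed.

```php
<?php
// Added example: hypothetical helper, not part of the bug report or of PHP.
//   $verify = true  -> MYSQLI_CLIENT_SSL: the CA chain AND the peer name are checked.
//   $verify = false -> MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT: neither is checked.
// mysqli has no flag for "check the chain, skip the name", which is what the
// report asks for.
function connect_mysql_tls(string $host, string $user, string $pass,
                           string $db, string $caFile, bool $verify = true): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure

    $link = mysqli_init();
    // Only the CA bundle is set; client key/cert, CA path and ciphers stay unset.
    $link->ssl_set(null, null, $caFile, null, null);

    $flags = $verify
        ? MYSQLI_CLIENT_SSL
        : MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
    $link->real_connect($host, $user, $pass, $db, 3306, null, $flags);

    // Confirm the session is really encrypted: Ssl_cipher is empty on a
    // plaintext connection.
    $row = $link->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if (empty($row['Value'])) {
        $link->close();
        throw new RuntimeException('MySQL session is not using TLS');
    }
    return $link;
}

// Placeholder values (assumptions): 203.0.113.10 is a documentation address,
// /etc/ssl/db-ca.pem stands for the CA that issued the server certificate.
try {
    // Strict mode: expected to fail when the certificate CN names the
    // instance but the connection is made by IP address, as in the report.
    $db = connect_mysql_tls('203.0.113.10', 'app', 'secret', 'appdb',
                            '/etc/ssl/db-ca.pem', true);
} catch (mysqli_sql_exception $e) {
    // Do not fall back to $verify = false here: that flag drops the CA check
    // too, leaving the session open to the MITM case the report describes.
    error_log('TLS verification failed: ' . $e->getMessage());
}
```

Connecting through a host name that matches the certificate, where the provider offers one, keeps both checks enabled.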


 [2020-03-05 06:01 UTC] alivai1976 at gmail dot com
The following pull request has been associated:

Patch Name: Fix #79133 - Replace <literal> with <code>
On GitHub:  https://github.com/php/doc-en/pull/23
Patch:      https://github.com/php/doc-en/pull/23.patch
 
Last updated: Tue Apr 23 14:01:31 2024 UTC