|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #72235 PDO and certificate CN
Submitted: 2016-05-18 01:42 UTC Modified: 2016-05-18 02:02 UTC
From: ghfjdksl at gmail dot com Assigned:
Status: Duplicate Package: PDO MySQL
PHP Version: 5.6.21 OS: rhel 6.7
Private report: No CVE-ID: None
 [2016-05-18 01:42 UTC] ghfjdksl at gmail dot com
In php 5.6, certificate CN is verified by default. But this is infeasible in some situation. There should be at least one attribute that can toggle the CN verification on and off, or at least let the user specify what the expected CN is, instead of using the connection url. There is a flag that one can set for mysqli, but there is no such option for PDO now.

Test script:
$attr[PDO::MYSQL_ATTR_SSL_CA] = "rootCA.pem";
    $conn = new PDO(";port=3306;","test_user", "my_password", $attr);
catch (Exception $e)
    print "not ok\n";
    throw $e;
print "ok of no exception\n"

Expected result:
The test script requires mysql to be correctly setup to use ssl connection. I'm only posting the client code here. And I'm hiding my real test ip. 
Server certificate have CN "", and connection ip is some real ip address. Since these two are different, the connection should fail.
After the attached patch, one can uncomment the PDO::MYSQL_ATTR_SSL_SERVER_CN line, and the connection should succeed.


add_PDO_SPECIFY_CN (last revision 2016-05-18 01:43 UTC by ghfjdksl at gmail dot com)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-05-18 02:02 UTC]
-Status: Open +Status: Duplicate
 [2016-05-18 02:02 UTC]
Duplicate of bug #71845 and related to request #71003.
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Aug 05 12:01:23 2021 UTC