Request #72235 PDO and certificate CN
Submitted: 2016-05-18 01:42 UTC Modified: 2016-05-18 02:02 UTC
From: ghfjdksl at gmail dot com Assigned:
Status: Duplicate Package: PDO MySQL
PHP Version: 5.6.21 OS: rhel 6.7
Private report: No CVE-ID: None

 [2016-05-18 01:42 UTC] ghfjdksl at gmail dot com
Description:
------------
In PHP 5.6, the certificate CN is verified by default. But this is infeasible in some situations. There should be at least one attribute that can toggle the CN verification on and off, or at least let the user specify what the expected CN is, instead of using the connection URL. There is a flag that one can set for mysqli, but there is no such option for PDO now.


Test script:
---------------
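<?php
// Client-side TLS options; the CA file is used to validate the server certificate.
$attr = array();
$attr[PDO::MYSQL_ATTR_SSL_CA] = "rootCA.pem";
// Attribute proposed by the attached patch; it does not exist in stock PHP 5.6.
//$attr[PDO::MYSQL_ATTR_SSL_SERVER_CN] = "the.real.server.cn";
try
{
    $conn = new PDO("mysql:host=server.ip.here;port=3306;","test_user", "my_password", $attr);
}
catch (Exception $e)
{
    print "not ok\n";
    throw $e;
}
print "ok of no exception\n";
?>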

Expected result:
----------------
The test script requires MySQL to be correctly set up to use an SSL connection. I'm only posting the client code here. And I'm hiding my real test IP.
The server certificate has CN "the.real.server.cn", and the connection IP is some real IP address. Since these two are different, the connection should fail.
After the attached patch, one can uncomment the PDO::MYSQL_ATTR_SSL_SERVER_CN line, and the connection should succeed.


Patches

add_PDO_SPECIFY_CN (last revision 2016-05-18 01:43 UTC by ghfjdksl at gmail dot com)

 [2016-05-18 02:02 UTC] requinix@php.net
-Status: Open
+Status: Duplicate
 [2016-05-18 02:02 UTC] requinix@php.net
Duplicate of bug #71845 and related to request #71003.
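
The mismatch described in the report, as an added illustration that is not part of the original report or of PHP's source: a simplified CN-versus-host comparison showing why a DSN that uses an IP address is rejected when the certificate CN is "the.real.server.cn". The function name `cnMatchesHost`, the sample hosts and the parsed-certificate array are assumptions constructed for this example; the real check in the client library also covers details (such as subject alternative names) that are left out here.

```php
<?php
// Added illustration: simplified CN check, not mysqlnd's or OpenSSL's code.

/**
 * Return true when $host (the name used in the DSN) is covered by the
 * certificate common name $cn. One leading "*." wildcard label is allowed.
 */
function cnMatchesHost($cn, $host)
{
    $cn   = strtolower(rtrim($cn, '.'));
    $host = strtolower(rtrim($host, '.'));

    // An IP literal is compared as-is; wildcards never apply to it.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $cn === $host;
    }
    if ($cn === $host) {
        return true;
    }
    // "*.example.test" covers exactly one extra left-most label.
    if (strncmp($cn, '*.', 2) === 0) {
        $suffix = substr($cn, 1);               // ".example.test"
        $dot    = strpos($host, '.');
        return $dot !== false && $dot > 0 && substr($host, $dot) === $suffix;
    }
    return false;
}

// Constructed sample: shape of openssl_x509_parse() output for the server cert.
$cert = ['subject' => ['CN' => 'the.real.server.cn']];

// Constructed DSN hosts; 192.0.2.10 is a documentation address standing in
// for the hidden "server.ip.here".
foreach (['192.0.2.10', 'the.real.server.cn', 'other.server.cn'] as $host) {
    $ok = cnMatchesHost($cert['subject']['CN'], $host);
    printf("%-20s %s\n", $host, $ok ? 'accepted' : 'rejected: CN mismatch');
}
```

Only the second host is accepted, so connecting by a name that resolves to the server and equals the certificate CN (for example through DNS or a hosts entry) satisfies the default check without turning verification off.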
 
Last updated: Thu Apr 25 13:01:30 2024 UTC