|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #72235 PDO and certificate CN
Submitted: 2016-05-18 01:42 UTC Modified: 2016-05-18 02:02 UTC
From: ghfjdksl at gmail dot com Assigned:
Status: Duplicate Package: PDO MySQL
PHP Version: 5.6.21 OS: rhel 6.7
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: ghfjdksl at gmail dot com
New email:
PHP Version: OS:


 [2016-05-18 01:42 UTC] ghfjdksl at gmail dot com
In php 5.6, certificate CN is verified by default. But this is infeasible in some situation. There should be at least one attribute that can toggle the CN verification on and off, or at least let the user specify what the expected CN is, instead of using the connection url. There is a flag that one can set for mysqli, but there is no such option for PDO now.

Test script:
$attr[PDO::MYSQL_ATTR_SSL_CA] = "rootCA.pem";
    $conn = new PDO(";port=3306;","test_user", "my_password", $attr);
catch (Exception $e)
    print "not ok\n";
    throw $e;
print "ok of no exception\n"

Expected result:
The test script requires mysql to be correctly setup to use ssl connection. I'm only posting the client code here. And I'm hiding my real test ip. 
Server certificate have CN "", and connection ip is some real ip address. Since these two are different, the connection should fail.
After the attached patch, one can uncomment the PDO::MYSQL_ATTR_SSL_SERVER_CN line, and the connection should succeed.


add_PDO_SPECIFY_CN (last revision 2016-05-18 01:43 UTC by ghfjdksl at gmail dot com)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2016-05-18 02:02 UTC]
-Status: Open +Status: Duplicate
 [2016-05-18 02:02 UTC]
Duplicate of bug #71845 and related to request #71003.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Feb 27 13:01:27 2024 UTC