]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 25439e9)
News for fixed bug #68344
authorAndrey Hristov <andrey@php.net>
Mon, 16 Nov 2015 11:38:25 +0000 (12:38 +0100)
committerAndrey Hristov <andrey@php.net>
Mon, 16 Nov 2015 11:38:25 +0000 (12:38 +0100)
NEWS patch | blob | history
ext/mysqlnd/mysqlnd_net.c patch | blob | history

diff --git a/NEWS b/NEWS
index cb0b72fbe2e35132e1d3bbcf18e321e4a4212091..72cd4f9ed030105d8bc13fcf0d98c26919113c66 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,11 @@ PHP                                                                        NEWS
   . Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
     (Laruence)
 
+- Mysqlnd:
+  . Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
+    validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
+       connection flag. (Andrey)
+
 - OCI8:
   . Fixed bug #68298 (OCI int overflow) (Senthil).
 
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 3e8d0993fa12ee52f31b1e93a48bb41879ae2db1..2231e1db2caa7b7204acc88f401e6968932d2fe9 100644 (file)
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -965,6 +965,10 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
                ZVAL_BOOL(&verify_peer_zval, verify);
                php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
                php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
+               if (net->data->options.ssl_verify_peer == MYSQLND_SSL_PEER_DONT_VERIFY) {
+                       ZVAL_TRUE(&verify_peer_zval);
+                       php_stream_context_set_option(context, "ssl", "allow_self_signed", &verify_peer_zval);
+               }
        }
 
        php_stream_context_set(net_stream, context);
Unnamed repository; edit this file 'description' to name the repository.