Hello.
Since 5.6, "all encrypted client streams now enable peer verification by
default".
The problem I faced is with MySQL connection: we're connecting to old MySQL
server with self-signed certificate, and are using simple SSL connection
without certificates:
mysql_connect("address", "user", "password", false, MYSQL_CLIENT_SSL);
After upgrade from PHP 5.5 to 5.6, we are no longer able to connect to that
server:
PHP Warning: mysql_connect(): SSL operation failed with code 1. OpenSSL
Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed in a.php on line 25
PHP Warning: mysql_connect(): Cannot connect to MySQL by using SSL in
a.php on line 25
PHP Warning: mysql_connect(): [2002] (trying to connect via
tcp://address:3306) in a.php on line 25
PHP Warning: mysql_connect(): in a.php on line 25
According to docs, "it is possible to disable peer certificate verification
for a request by setting the verify_peer context option to FALSE, and to
disable peer name validation by setting the verify_peer_name context option
to FALSE". But I can't find a way to use contexts even with MySQLi - is
there one? Or maybe some workarounds?
Thanks.
