Re: what does the mysqli real connect MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag do? How to disable only CN validation?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



That flag uses SSL encryption but disables validation of the provided SSL
certificate. This is only for installations using MySQL Native Driver and
MySQL 5.6 or later.

On Wed, Mar 22, 2023 at 4:50 PM John Wythe <JWythe@xxxxxxxxxx> wrote:

> mysqli_real_connect has a parameter called flags than can be passed to
> it.  One of the flags in *MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT.*
>
>
>
> What does this flag do?  Does it only disable the CN validation, or does
> it also disable the certificate validation against a CA authority.
>
>
>
> SSL_CONEXT talks about options
>
>
>
> peer_name
>
> peer_verify
>
> peer_verify_name
>
>
>
> I would like to use these to at least disable only the verify_name part,
> or maybe even set the peer_name and have both validations turned on.
>
>
>
> Seems this context function is only available for streams and not mysqli.
>
>
>
> Openssl seems to have the ability to do this, however it does not appear
> to be exposed via mysqli.  I am guessing the flag above equates to peer
> verify and not peer_verify_name, or equates to both.
>
>
>
> I suppose I could download the source for php_pmysqli, and have a look,
> would that be the correct package to look at?
>
>
>
>
>
> John Wythe
> Software & Systems Engineer
> Epicor Software Corporation
> www.epicor.com
>
> Ph: 250-260-6495
> TF Support: 800-678-7423
> E-Mail: jwythe@xxxxxxxxxx
> Support E-Mail: *SilkSupport@xxxxxxxxxx <SilkSupport@xxxxxxxxxx>*
>
> *Support portal:* *https://epicorcs.service-now.com/epiccare/
> <https://epicorcs.service-now.com/epiccare/>*
>
> <http://www.epicor.com/services/default.aspx>
>
>
>

[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux