Skip to content

supplied flag to turn off mysqli SSL verification if ssl_verify passed as false#4805

Merged
narfbg merged 2 commits intobcit-ci:developfrom
intekhabrizvi:develop
Sep 9, 2016
Merged

supplied flag to turn off mysqli SSL verification if ssl_verify passed as false#4805
narfbg merged 2 commits intobcit-ci:developfrom
intekhabrizvi:develop

Conversation

@intekhabrizvi
Copy link
Copy Markdown
Contributor

@intekhabrizvi intekhabrizvi commented Sep 9, 2016

Updated codes to pass MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag

@narfbg
Copy link
Copy Markdown
Contributor

narfbg commented Sep 9, 2016

If this is a connect flag, do we still need the options() call?

And more importantly, while #4801 disabled SSL altogether (on PHP < 5.6.16), it did take into account what the manual says here:

MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT - Like MYSQLI_CLIENT_SSL, but disables validation of the provided SSL certificate. This is only for installations using MySQL Native Driver and MySQL 5.6 or later.

Isn't it therefore better not to set MYSQLI_CLIENT_SSL only if this flag here is set?

@intekhabrizvi
Copy link
Copy Markdown
Contributor Author

intekhabrizvi commented Sep 9, 2016

I though the same, we are already using using MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT in options function but its not taking any effect hence i cross check PHP C source codes and found options function have no definition of MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT check line no 1733 of http://git.php.net/?p=php-src.git;a=blob;f=ext/mysqli/mysqli_api.c;hb=6baaa2bb1b0ec87d8c2d676da27d04370677a81c you can see definition of MYSQLI_OPT_SSL_VERIFY_SERVER_CERT but no definition of MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT hence no matter you write or not its not going to work.

Regards to MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT - Like MYSQLI_CLIENT_SSL due to poor explanation of flag behavior, at first i thought may be writing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT only also do the job of MYSQLI_CLIENT_SSL as well but i was wrong, as per PHP C source codes test case file http://git.php.net/?p=php-src.git;a=blob;f=ext/mysqli/tests/bug51647.phpt;hb=6baaa2bb1b0ec87d8c2d676da27d04370677a81c#l44 on line no 44 you can see they are using both flag with pipe hence both flag have individual work and both are necessary.

Seems i need to apply for another patch for this.
Thanks

@narfbg
Copy link
Copy Markdown
Contributor

narfbg commented Sep 9, 2016

You don't need to open a new pull request, just push another commit (removing the options() call) to the same branch and this one will be automatically updated.

@intekhabrizvi
Copy link
Copy Markdown
Contributor Author

intekhabrizvi commented Sep 9, 2016

Shall i comment that line or completely remove it, I am thinking may be in future they add those feature in PHP source codes so that we can start using options function again.

@narfbg
Copy link
Copy Markdown
Contributor

narfbg commented Sep 9, 2016

Remove it, we don't keep commented-out code.

@intekhabrizvi
Copy link
Copy Markdown
Contributor Author

intekhabrizvi commented Sep 9, 2016

Updated code pushed, pls check.

@narfbg narfbg added the Bug label Sep 9, 2016
@narfbg narfbg added this to the 3.1.1 milestone Sep 9, 2016
@narfbg narfbg merged commit 140c70e into bcit-ci:develop Sep 9, 2016
narfbg added a commit that referenced this pull request Sep 9, 2016
@narfbg
Merge pull request #4805 from intekhabrizvi/develop
676072e 
Use MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT as a connection flag instead of option
narfbg added a commit that referenced this pull request Sep 9, 2016
@narfbg
[ci skip] Add changelog entry for PR #4805
8c61ec2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

3.1.1

Development

Successfully merging this pull request may close these issues.

2 participants

@intekhabrizvi @narfbg