Merge remote-tracking branch 'origin/master'

phpmyadmin · Jan 15, 2016 · 03882ea · 03882ea
2 parents 793e224 + 8db478c
commit 03882ea
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -33,6 +33,7 @@ phpMyAdmin - ChangeLog
 + issue #11833 Drop support for old Internet Explorer versions
 + issue #11796 Use modals for displaying forms in db structure page
 + issue #11789 Show MySQL error messages in user language
++ issue        Add 'ssl_verify' configuration directive for self-signed certificates with mysqlnd and PHP >= 5.6
 
 4.5.4.0 (not yet released)
 - issue #11724 live data edit of big sets is not working

diff --git a/doc/config.rst b/doc/config.rst
@@ -290,6 +290,20 @@ Server connection settings
 
     List of allowable ciphers for SSL connections to the MySQL server.
 
+.. config:option:: $cfg['Servers'][$i]['ssl_verify']
+
+    :type: boolean
+    :default: true
+
+    If your PHP install uses the MySQL Native Driver (mysqlnd), your
+    MySQL server is 5.6 or later, and your SSL certificate is self-signed,
+    there is a chance your SSL connection will fail due to validation.
+    Setting this to ``false`` will disable the validation check.
+
+    .. note::
+
+        This flag only works with PHP 5.6.16 or later
+
 .. config:option:: $cfg['Servers'][$i]['connect_type']
 
     :type: string

diff --git a/libraries/config.default.php b/libraries/config.default.php
@@ -180,6 +180,17 @@
  */
 $cfg['Servers'][$i]['ssl_ciphers'] = null;
 
+/**
+ * MySQL 5.6 or later triggers the mysqlnd driver in PHP to validate the
+ * peer_name of the SSL certifcate
+ * For most self-signed certificates this is a problem. Setting this to false
+ * will disable the check and allow the connection (PHP 5.6.16 or later)
+ *
+ * @link http://bugs.php.net/68344
+ * @global string $cfg['Servers'][$i]['ssl_verify']
+ */
+$cfg['Servers'][$i]['ssl_verify'] = true;
+
 /**
  * How to connect to MySQL server ('tcp' or 'socket')
  *

diff --git a/libraries/dbi/DBIMysqli.php b/libraries/dbi/DBIMysqli.php
@@ -158,7 +158,16 @@ public function connect(
                 $cfg['Server']['ssl_ca_path'],
                 $cfg['Server']['ssl_ciphers']
             );
-            $client_flags |= MYSQLI_CLIENT_SSL;
+            $ssl_flag = MYSQLI_CLIENT_SSL;
+            /*
+             * disables SSL certificate validation on mysqlnd for MySQL 5.6 or later
+             * @link https://bugs.php.net/bug.php?id=68344
+             * @link https://github.com/phpmyadmin/phpmyadmin/pull/11838
+             */
+            if(!$cfg['Server']['ssl_verify'] && defined('MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT')) {
+                $ssl_flag = MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
+            }
+            $client_flags |= $ssl_flag;
         }
 
         if (! $server) {