mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 18:34:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Improve fix for Bug #68344 MySQLi does not provide way to disable peer certificate validation

Browse Source
This commit is contained in:
Andrey Hristov 2015-10-22 11:48:53 +02:00
parent 8292260515
commit afd31489d0
3 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ext/mysqli/mysqli.c
View File

@ -715,6 +715,9 @@ PHP_MINIT_FUNCTION(mysqli)
REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_IGNORE_SPACE", CLIENT_IGNORE_SPACE, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_NO_SCHEMA", CLIENT_NO_SCHEMA, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_FOUND_ROWS", CLIENT_FOUND_ROWS, CONST_CS | CONST_PERSISTENT);
#ifdef CLIENT_SSL_VERIFY_SERVER_CERT
REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT", CLIENT_SSL_VERIFY_SERVER_CERT, CONST_CS | CONST_PERSISTENT);
#endif
#if (MYSQL_VERSION_ID >= 50611 && defined(CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS)) || defined(MYSQLI_USE_MYSQLND)
REGISTER_LONG_CONSTANT("MYSQLI_CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS", CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("MYSQLI_OPT_CAN_HANDLE_EXPIRED_PASSWORDS", MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS, CONST_CS | CONST_PERSISTENT);

3
ext/mysqli/tests/mysqli_constants.phpt
View File

@ -136,6 +136,9 @@ require_once('skipifconnectfailure.inc');
$expected_constants['MYSQLI_SERVER_QUERY_WAS_SLOW'] = true;
}
if ($version >= 50033 || $IS_MYSQLND) {
$expected_constants['MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT'] = true;
}
/* First introduced in MySQL 6.0, backported to MySQL 5.5 */
if ($version >= 50606 || $IS_MYSQLND) {

9
ext/mysqlnd/mysqlnd_net.c
View File

@ -897,14 +897,9 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net TSRMLS_DC)
ZVAL_STRING(&key_zval, net->data->options.ssl_key, 0);
php_stream_context_set_option(context, "ssl", "local_pk", &key_zval);
}
if (net->data->options.ssl_verify_peer) {
{
zval verify_peer_zval;
ZVAL_TRUE(&verify_peer_zval);
php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
} else {
zval verify_peer_zval;
ZVAL_FALSE(&verify_peer_zval);
ZVAL_BOOL(&verify_peer_zval, net->data->options.ssl_verify_peer);
php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
}