Clarify what MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT does
I don’t know how hard it is to update the documentation, but it took me a long time to figure out what MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT actually does.
The PHP documentation wasn’t very clear either. https://php.net/manual/en/mysqli.real-connect.php#refsect1-mysqli.real-connect-parameters
After looking at the source code, I found the flag sets MYSQL_OPT_SSL_VERIFY_SERVER_CERT in mysqlnd (https://dev.mysql.com/doc/refman/5.7/en/mysql-options.html), which means it only verifies the common name.
I was confused as to whether this stops CA validation when I specify a CA; it turns out it doesn’t.
If you can, please update the documentation to reflect that MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT only stops validation of the Common Name and that CA validation depends on the CA flags.
Thanks