diff options
| -rw-r--r-- | application/config/database.php | 1 | ||||
| -rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 5 | ||||
| -rw-r--r-- | user_guide_src/source/database/configuration.rst | 1 |
3 files changed, 7 insertions, 0 deletions
diff --git a/application/config/database.php b/application/config/database.php index ea345ee79..bf9857fff 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -49,6 +49,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | 'ssl_ca' - Path to the certificate authority file | 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format | 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':') +| 'ssl_verify' - TRUE/FALSE; Whether verify the server certificate or not ('mysqli' only) | | ['compress'] Whether or not to use client compression (MySQL only) | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 8d398c866..dd3cc77c6 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -142,6 +142,11 @@ class CI_DB_mysqli_driver extends CI_DB { if ( ! empty($ssl)) { + if ( ! empty($this->encrypt['ssl_verify']) && defined('MYSQLI_OPT_SSL_VERIFY_SERVER_CERT')) + { + $mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, TRUE); + } + $client_flags |= MYSQLI_CLIENT_SSL; $mysqli->ssl_set( isset($ssl['key']) ? $ssl['key'] : NULL, diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst index 6a6c84979..8026be63a 100644 --- a/user_guide_src/source/database/configuration.rst +++ b/user_guide_src/source/database/configuration.rst @@ -188,6 +188,7 @@ Explanation of Values: - 'ssl_ca' - Path to the certificate authority file - 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format - 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':') + - 'ssl_verify' - TRUE/FALSE; Whether to verify the server certificate or not ('mysqli' only) **compress** Whether or not to use client compression (MySQL only). **stricton** TRUE/FALSE (boolean) - Whether to force "Strict Mode" connections, good for ensuring strict SQL |