From cfc9e77c89ee5377b25e411ef3d8ab43c8900b7e Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Thu, 16 Jul 2015 16:17:27 +0300
Subject: Add 'ssl_verify' option for mysqli driver

MYSQLI_OPT_SSL_VERIFY_SERVER_CERT is an undocumented option that may not always be available.
Reference: http://svn.php.net/viewvc/php/php-src/trunk/ext/mysqli/tests/mysqli_constants.phpt?view=markup&pathrev=302897
---
 application/config/database.php                  | 1 +
 system/database/drivers/mysqli/mysqli_driver.php | 5 +++++
 user_guide_src/source/database/configuration.rst | 1 +
 3 files changed, 7 insertions(+)

diff --git a/application/config/database.php b/application/config/database.php
index ea345ee79..bf9857fff 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -49,6 +49,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 |				'ssl_ca'     - Path to the certificate authority file
 |				'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format
 |				'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':')
+|				'ssl_verify' - TRUE/FALSE; Whether verify the server certificate or not ('mysqli' only)
 |
 |	['compress'] Whether or not to use client compression (MySQL only)
 |	['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 8d398c866..dd3cc77c6 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -142,6 +142,11 @@ class CI_DB_mysqli_driver extends CI_DB {
 
 			if ( ! empty($ssl))
 			{
+				if ( ! empty($this->encrypt['ssl_verify']) && defined('MYSQLI_OPT_SSL_VERIFY_SERVER_CERT'))
+				{
+					$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, TRUE);
+				}
+
 				$client_flags |= MYSQLI_CLIENT_SSL;
 				$mysqli->ssl_set(
 					isset($ssl['key'])    ? $ssl['key']    : NULL,
diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst
index 6a6c84979..8026be63a 100644
--- a/user_guide_src/source/database/configuration.rst
+++ b/user_guide_src/source/database/configuration.rst
@@ -188,6 +188,7 @@ Explanation of Values:
 			    - 'ssl_ca'     - Path to the certificate authority file
 			    - 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format
 			    - 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':')
+			    - 'ssl_verify' - TRUE/FALSE; Whether to verify the server certificate or not ('mysqli' only)
 
 **compress**		Whether or not to use client compression (MySQL only).
 **stricton**		TRUE/FALSE (boolean) - Whether to force "Strict Mode" connections, good for ensuring strict SQL
-- 
cgit v1.2.3-24-g4f1b