Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-7820

Allow to disable the peer verification in MySQL SSL connections

    XMLWordPrintable

Details

    • New Feature Request
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • 6.0.5
    • None
    • Frontend (F)

    Description

      Hello,

       

      I have got problems to configure my MySQL server SSL connection on the Frontend (zabbix_server works fine). The error message is not very useful, but doing tests with a PHP script I was able to fix the problem.

      The problem is related with the peer CN, because I am using CloudSQL and it creates a server certificate which matches the used name when connecting with the SQL Proxy, but it fails with direct connections using the IP address.

      On the zabbix_server daemon exists an option to disable this verification and then it has worked fine from the begin. On the frontend that option doesn't exist and then the connection fails.

       

      Will be possible to add this option in the PHP Frontend?.

       

      I have fixed the problem just changing the line:

      $tls_mode = MYSQLI_CLIENT_SSL;

      to:

      $tls_mode = MYSQLI_CLIENT_SSL|MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;

      in the include/classes/db/MysqlDbBackend.php file.

       

      Best regards.

      Attachments

        Activity

          People

            vmurzins Valdis Murzins
            i2dcarrasco Daniel Carrasco
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: