[ZBXNEXT-7820] Allow to disable the peer verification in MySQL SSL connections Created: 2022 Jun 22 Updated: 2022 Jun 22 |
|
| Status: | Open |
| Project: | ZABBIX FEATURE REQUESTS |
| Component/s: | Frontend (F) |
| Affects Version/s: | 6.0.5 |
| Fix Version/s: | None |
| Type: | New Feature Request | Priority: | Trivial |
| Reporter: | Daniel Carrasco | Assignee: | Valdis Murzins |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | frontend, mysql | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Hello,
I have got problems to configure my MySQL server SSL connection on the Frontend (zabbix_server works fine). The error message is not very useful, but doing tests with a PHP script I was able to fix the problem. The problem is related with the peer CN, because I am using CloudSQL and it creates a server certificate which matches the used name when connecting with the SQL Proxy, but it fails with direct connections using the IP address. On the zabbix_server daemon exists an option to disable this verification and then it has worked fine from the begin. On the frontend that option doesn't exist and then the connection fails.
Will be possible to add this option in the PHP Frontend?.
I have fixed the problem just changing the line: $tls_mode = MYSQLI_CLIENT_SSL; to: $tls_mode = MYSQLI_CLIENT_SSL|MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT; in the include/classes/db/MysqlDbBackend.php file.
Best regards. |