diff --git a/NEWS b/NEWS
index 41e34e90ee5..842b72ad920 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,11 @@ PHP NEWS
 . Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause segfaults). (Aharvey, Laruence)
+- Mysqlnd:
+ . Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
+ validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
+ connection flag. (Andrey)
+
 - OCI8:
 . Fixed bug #68298 (OCI int overflow) (Senthil).
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index ccac6ad1fc5..952af3d09c1 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -978,6 +978,10 @@ MYSQLND_METHOD(mysqlnd_net, enable_ssl)(MYSQLND_NET * const net)
 ZVAL_BOOL(&verify_peer_zval, verify);
 php_stream_context_set_option(context, "ssl", "verify_peer", &verify_peer_zval);
 php_stream_context_set_option(context, "ssl", "verify_peer_name", &verify_peer_zval);
+ if (net->data->options.ssl_verify_peer == MYSQLND_SSL_PEER_DONT_VERIFY) {
+ ZVAL_TRUE(&verify_peer_zval);
+ php_stream_context_set_option(context, "ssl", "allow_self_signed", &verify_peer_zval);
+ }
 }
 #if PHP_API_VERSION >= 20131106
 php_stream_context_set(net_stream, context);
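Review bot: The added `MYSQLND_SSL_PEER_DONT_VERIFY` branch in enable_ssl reuses `verify_peer_zval` to carry the `allow_self_signed` value, so a variable named for peer verification holds TRUE on exactly the path that relaxes verification; a separate local such as `zval allow_self_signed_zval;` would keep the three context options readable. The branch also needs a comment along the lines of `/* DONT_VERIFY: the link is still encrypted, but the server certificate is not authenticated */`, because nothing at this site tells a maintainer which protection the flag gives up. `verify` is computed outside the hunk; if it is already false on this path, `verify_peer` and `verify_peer_name` are both off and `allow_self_signed` is probably redundant, which is worth confirming against the SSL stream wrapper. enable_ssl's body starts and ends outside the hunk.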