CVE-2016-2113: selftest: use "tls verify peer = no_check"

Individual tests will check the more secure values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 2707f727e37add598490f4fa017a5861200fc348..4d82b31487bc68ee3a41755235ddec070925d33c 100755 (executable)
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -577,6 +577,7 @@ sub write_clientconf($$$)
         winbind separator = /
        tls cafile = ${cacert}
        tls crlfile = ${cacrl_pem}
+       tls verify peer = no_check
 ";
        close(CF);
 }

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 4b9f158eb993efb00cf658b9c50b32837685dd96..7ea154407c97013b893c167a1f662b761769311c 100755 (executable)
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -423,6 +423,7 @@ sub provision_raw_step1($$)
        interfaces = $ctx->{interfaces}
        tls dh params file = $ctx->{tlsdir}/dhparms.pem
        tls crlfile = ${crlfile}
+       tls verify peer = no_check
        panic action = $RealBin/gdb_backtrace \%d
        wins support = yes
        server role = $ctx->{server_role}