From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 21 Mar 2016 02:56:22 +0000 (+0100)
Subject: CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for... 
X-Git-Tag: samba-4.2.10~148
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da2065eb4a6951e028e2f8865a17a5639e9f3579;p=thirdparty%2Fsamba.git

CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 79a60f340fb..ff5445414e8 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -73,6 +73,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
     plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
                   env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
+        options += ' --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
 
@@ -87,7 +88,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
         plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
-        options = '-U"$USERNAME%$PASSWORD"'
+        options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))