From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 26 Mar 2016 07:38:46 +0000 (+0100)
Subject: CVE-2016-2113: selftest: use "tls verify peer = no_check"
X-Git-Tag: samba-4.2.10~144
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dcf61e49d1cab9c06a29959f7dd5b1908f56461d;p=thirdparty%2Fsamba.git

CVE-2016-2113: selftest: use "tls verify peer = no_check"

Individual tests will check the more secure values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 2707f727e37..4d82b31487b 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -577,6 +577,7 @@ sub write_clientconf($$$)
         winbind separator = /
 	tls cafile = ${cacert}
 	tls crlfile = ${cacrl_pem}
+	tls verify peer = no_check
 ";
 	close(CF);
 }
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 4b9f158eb99..7ea154407c9 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -423,6 +423,7 @@ sub provision_raw_step1($$)
 	interfaces = $ctx->{interfaces}
 	tls dh params file = $ctx->{tlsdir}/dhparms.pem
 	tls crlfile = ${crlfile}
+	tls verify peer = no_check
 	panic action = $RealBin/gdb_backtrace \%d
 	wins support = yes
 	server role = $ctx->{server_role}