CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"

[samba.git] / lib / param / param_table.c

diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index be4881f9249b73185140a4f9041cebea63f32708..d8d9144b70cf3bac68f8c874578453cd32035d26 100644 (file)
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -33,6 +33,7 @@
 #include "lib/param/param_global.h"
 #include "libcli/smb/smb_constants.h"
 #include "libds/common/roles.h"
+#include "source4/lib/tls/tls.h"
 
 #ifndef N_
 #define N_(x) x
@@ -125,6 +126,20 @@ static const struct enum_list enum_smb_signing_vals[] = {
        {-1, NULL}
 };
 
+static const struct enum_list enum_tls_verify_peer_vals[] = {
+       {TLS_VERIFY_PEER_NO_CHECK,
+        TLS_VERIFY_PEER_NO_CHECK_STRING},
+       {TLS_VERIFY_PEER_CA_ONLY,
+        TLS_VERIFY_PEER_CA_ONLY_STRING},
+       {TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE,
+        TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING},
+       {TLS_VERIFY_PEER_CA_AND_NAME,
+        TLS_VERIFY_PEER_CA_AND_NAME_STRING},
+       {TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE,
+        TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING},
+       {-1, NULL}
+};
+
 /* DNS update options. */
 static const struct enum_list enum_dns_update_settings[] = {
        {DNS_UPDATE_OFF, "disabled"},