<ulink url="http://gnutls.org/manual/html_node/Priority-Strings.html">GNUTLS
Priority-Strings documentation at http://gnutls.org/manual/html_node/Priority-Strings.html</ulink>
</para>
- <para>By default it will try to find a config file matching "SAMBA", but if
- that does not exist will use the entry for "SYSTEM" and last fallback to
- NORMAL. In all cases the SSL3.0 protocol will be disabled.</para>
+ <para>The SSL3.0 protocol will be disabled.</para>
</description>
- <value type="default">@SAMBA,SYSTEM,NORMAL:!-VERS-SSL3.0</value>
+ <value type="default">NORMAL:-VERS-SSL3.0</value>
</samba:parameter>
lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
-#ifdef HAVE_GNUTLS_SET_DEFAULT_PRIORITY_APPEND
- lpcfg_do_global_parameter(lp_ctx,
- "tls priority",
- "@SAMBA,SYSTEM,NORMAL:!-VERS-SSL3.0");
-#else
lpcfg_do_global_parameter(lp_ctx,
"tls priority",
"NORMAL:-VERS-SSL3.0");
-#endif
lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
import concurrent.futures
import tempfile
-config_h = os.path.join("bin/default/include/config.h")
-config_hash = dict()
-
-if os.path.exists(config_h):
- config_hash = dict()
- f = open(config_h, 'r')
- try:
- lines = f.readlines()
- config_hash = dict((x[0], ' '.join(x[1:]))
- for x in map(lambda line: line.strip().split(' ')[1:],
- list(filter(lambda line: (line[0:7] == '#define') and (len(line.split(' ')) > 2), lines))))
- finally:
- f.close()
-
-have_gnutls_system_config_support = ("HAVE_GNUTLS_SET_DEFAULT_PRIORITY_APPEND" in config_hash)
-
class TestCase(samba.tests.TestCaseInTempDir):
def _format_message(self, parameters, message):
'smbd max async dosmode',
])
- # 'tls priority' has a legacy default value if we don't link against a
- # modern GnuTLS version.
- if not have_gnutls_system_config_support:
- special_cases.add('tls priority')
-
def setUp(self):
super(SmbDotConfTests, self).setUp()
# create a minimal smb.conf file for testparm
lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
lpcfg_string_set(Globals.ctx, &Globals._tls_cafile, "tls/ca.pem");
-#ifdef HAVE_GNUTLS_SET_DEFAULT_PRIORITY_APPEND
lpcfg_string_set(Globals.ctx,
&Globals.tls_priority,
- "@SAMBA,SYSTEM,NORMAL:!-VERS-SSL3.0");
-#else
- lpcfg_string_set(Globals.ctx,
- &Globals.tls_priority,
- "NORMAL!-VERS-SSL3.0");
-#endif
+ "NORMAL:-VERS-SSL3.0");
lpcfg_string_set(Globals.ctx, &Globals.share_backend, "classic");