CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"

[samba.git] / lib / param / loadparm.c

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index d26a3f819c19b5bca25b04c3a02a3e6274b7c2c3..43defc171ff3c5e4cbec810659b471b75c7e1917 100644 (file)
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2674,6 +2674,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "min wins ttl", "21600");
 
        lpcfg_do_global_parameter(lp_ctx, "tls enabled", "True");
+       lpcfg_do_global_parameter(lp_ctx, "tls verify peer", "no_check");
        lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
        lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
        lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
@@ -2810,7 +2811,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign");
 
-       lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "no");
+       lpcfg_do_global_parameter(lp_ctx, "ldap server require strong auth", "yes");
 
        lpcfg_do_global_parameter(lp_ctx, "follow symlinks", "yes");