From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 21 Mar 2016 02:56:22 +0000 (+0100)
Subject: CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for... 
X-Git-Tag: talloc-2.1.7~408
X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=e72b2c94b56b30cce5a2f47a080e70a83a551d19

CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 80f5ab9b227..64347b53899 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -80,6 +80,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
     plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
                   env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
+        options += ' --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
 
@@ -94,7 +95,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
         plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
-        options = '-U"$USERNAME%$PASSWORD"'
+        options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))