CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
[kai/samba-autobuild/.git] / source3 / param / loadparm.c
index a2b1000f9d3f3a9ff9fe537e049f18f206f8a0c8..17cbaff577aea3448231c2310dac74484b8e28e9 100644 (file)
@@ -869,7 +869,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
 
        Globals.tls_enabled = true;
-       Globals.tls_verify_peer = TLS_VERIFY_PEER_NO_CHECK;
+       Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
 
        lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
        lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");