CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 80f5ab9b227a8ab37beaafa59069b90f4f3196f8..64347b53899b2b74a3d36ea03866050beba381e5 100755 (executable)
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -80,6 +80,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
     plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
                   env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
+        options += ' --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
 
@@ -94,7 +95,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
         plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
-        options = '-U"$USERNAME%$PASSWORD"'
+        options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))