<smbconfoption name="tls crl file"/> needs to be configured.
Future versions of Samba may implement additional checks.
</para>
-
- <para>Note that the default is likely to change from
- <constant>no_check</constant> to <constant>as_strict_as_possible</constant>
- with Samba 4.5.</para>
</description>
-<value type="default">no_check</value>
+<value type="default">as_strict_as_possible</value>
</samba:parameter>
lpcfg_do_global_parameter(lp_ctx, "min wins ttl", "21600");
lpcfg_do_global_parameter(lp_ctx, "tls enabled", "True");
- lpcfg_do_global_parameter(lp_ctx, "tls verify peer", "no_check");
+ lpcfg_do_global_parameter(lp_ctx, "tls verify peer", "as_strict_as_possible");
lpcfg_do_global_parameter(lp_ctx, "tls keyfile", "tls/key.pem");
lpcfg_do_global_parameter(lp_ctx, "tls certfile", "tls/cert.pem");
lpcfg_do_global_parameter(lp_ctx, "tls cafile", "tls/ca.pem");
Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
Globals.tls_enabled = true;
- Globals.tls_verify_peer = TLS_VERIFY_PEER_NO_CHECK;
+ Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");