CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2016-03-16 13:03:08 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:25 +0200
commit: 6ad9ba72a7739ca9da5d9c2f3c6c680d69d15251 (patch)
tree: 1656261742242ea7a2a98b1c582fbd9762eabb0e /source3/param
parent: 7cf3318fa99aa52c9baf669c6cf5ab440ff2b801 (diff)
download: samba-6ad9ba72a7739ca9da5d9c2f3c6c680d69d15251.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index a2b1000f9d3..17cbaff577a 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -869,7 +869,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
 
 	Globals.tls_enabled = true;
-	Globals.tls_verify_peer = TLS_VERIFY_PEER_NO_CHECK;
+	Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
 
 	lpcfg_string_set(Globals.ctx, &Globals._tls_keyfile, "tls/key.pem");
 	lpcfg_string_set(Globals.ctx, &Globals._tls_certfile, "tls/cert.pem");
author	Stefan Metzmacher <metze@samba.org>	2016-03-16 13:03:08 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:25 +0200
commit	6ad9ba72a7739ca9da5d9c2f3c6c680d69d15251 (patch)
tree	1656261742242ea7a2a98b1c582fbd9762eabb0e /source3/param
parent	7cf3318fa99aa52c9baf669c6cf5ab440ff2b801 (diff)
download	samba-6ad9ba72a7739ca9da5d9c2f3c6c680d69d15251.tar.gz