From 374d73617d71abf594cc92d335cd8bc60c10a1b7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 20 Jul 2015 11:22:46 +1200
Subject: lib/tls: Add new 'tls priority' option

This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/librpc/rpc/dcerpc_roh.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'source4/librpc')

diff --git a/source4/librpc/rpc/dcerpc_roh.c b/source4/librpc/rpc/dcerpc_roh.c
index 09072940f90..61a22a79944 100644
--- a/source4/librpc/rpc/dcerpc_roh.c
+++ b/source4/librpc/rpc/dcerpc_roh.c
@@ -31,6 +31,7 @@
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_roh.h"
 #include "librpc/rpc/dcerpc_proto.h"
+#include "lib/param/param.h"
 
 static ssize_t tstream_roh_pending_bytes(struct tstream_context *stream);
 static struct tevent_req * tstream_roh_readv_send(
@@ -185,6 +186,7 @@ struct tevent_req *dcerpc_pipe_open_roh_send(struct dcecli_connection *conn,
 	/* Initialize TLS */
 	if (use_tls) {
 		status = tstream_tls_params_client(state->roh, NULL, NULL,
+						   lpcfg_tls_priority(lp_ctx),
 						   &state->tls_params);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0,("%s: Failed tstream_tls_params_client - %s\n",
-- 
cgit v1.2.1