From e72b2c94b56b30cce5a2f47a080e70a83a551d19 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 21 Mar 2016 03:56:22 +0100
Subject: CVE-2016-2113: s4:selftest: explicitly use
 '--option="tlsverifypeer=no_check" for some ldaps tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---
 source4/selftest/tests.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'source4/selftest')

diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 80f5ab9b227..64347b53899 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -80,6 +80,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
     plantestsuite("samba4.ldb.simple.ldap with SIMPLE-BIND %s(%s)" % (options, env),
                   env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
+        options += ' --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SIMPLE-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
 
@@ -94,7 +95,7 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
         plantestsuite("samba4.ldb.simple.ldap with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldap $SERVER %s" % (bbdir, options))
     if have_tls_support:
-        options = '-U"$USERNAME%$PASSWORD"'
+        options = '-U"$USERNAME%$PASSWORD" --option="tlsverifypeer=no_check"'
         plantestsuite("samba4.ldb.simple.ldaps with SASL-BIND %s(%s)" % (options, env),
                       env, "%s/test_ldb_simple.sh ldaps $SERVER %s" % (bbdir, options))
 
-- 
cgit v1.2.1