This removes --with-ssl from Samba.

This option was badly maintained, useless and confused our users and
distirbutors.  (its SSL, therfore it must be good...)

No windows client uses this protocol without help from an SSL tunnel.

I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.

On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side.  We might extend this
to take %i and %p (IP and port) if there is demand.

Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)

2 files changed, 0 insertions, 17 deletions

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 4ed2aae1f3..ec2c33f419 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -920,10 +920,6 @@ BOOL cli_session_request(struct cli_state *cli,
 	_smb_setlen(cli->outbuf,len);
 	SCVAL(cli->outbuf,0,0x81);
 
-#ifdef WITH_SSL
-retry:
-#endif /* WITH_SSL */
-
 	cli_send_smb(cli);
 	DEBUG(5,("Sent session request\n"));
 
@@ -969,15 +965,6 @@ retry:
 		}
 	} /* C. Hoch 9/14/95 End */
 
-#ifdef WITH_SSL
-    if (CVAL(cli->inbuf,0) == 0x83 && CVAL(cli->inbuf,4) == 0x8e){ /* use ssl */
-        if (!sslutil_fd_is_ssl(cli->fd)){
-            if (sslutil_connect(cli->fd) == 0)
-                goto retry;
-        }
-    }
-#endif /* WITH_SSL */
-
 	if (CVAL(cli->inbuf,0) != 0x82) {
                 /* This is the wrong place to put the error... JRA. */
 		cli->rap_error = CVAL(cli->inbuf,4);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index ba7a327344..677a0f4220 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -247,10 +247,6 @@ void cli_shutdown(struct cli_state *cli)
 	if (cli->mem_ctx)
 		talloc_destroy(cli->mem_ctx);
 
-#ifdef WITH_SSL
-	if (cli->fd != -1)
-		sslutil_disconnect(cli->fd);
-#endif /* WITH_SSL */
 	if (cli->fd != -1) 
 		close(cli->fd);
 	allocated = cli->allocated;