summaryrefslogtreecommitdiff
path: root/source4/lib/tls/tls.c
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-02-18 14:46:57 +1100
committerAndrew Tridgell <tridge@samba.org>2009-02-18 14:46:57 +1100
commitb1ff79dbb246e717fc4a62c7a615ca7ce9ccc302 (patch)
tree425441cc5230695a522d9a316d954dcc6a29207c /source4/lib/tls/tls.c
parent0281166bb9bdf0015085b4f0a3049e7bf5036da2 (diff)
downloadsamba-b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302.tar.gz
samba-b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302.tar.bz2
samba-b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302.zip
fixed some of the TLS problems
This fixes two things in the TLS support for Samba4. The first is to use a somewhat more correct hostname instead of 'Samba' when generating the test certificates. That allows TLS test clients (such as gnutls-cli) to connect to Samba4 using auto-generated certificates. The second fix is to add a call to gcry_control() to tell gcrypt to use /dev/urandom instead of /dev/random (on systems that support that). That means that test certificate generation is now very fast, which was previously an impediment to putting the TLS tests on the build farm.
Diffstat (limited to 'source4/lib/tls/tls.c')
-rw-r--r--source4/lib/tls/tls.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 99a15059ad..1014ab07a8 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -362,7 +362,7 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
const char *cafile = lp_tls_cafile(tmp_ctx, lp_ctx);
const char *crlfile = lp_tls_crlfile(tmp_ctx, lp_ctx);
const char *dhpfile = lp_tls_dhpfile(tmp_ctx, lp_ctx);
- void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
+ void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *, const char *);
params = talloc(mem_ctx, struct tls_params);
if (params == NULL) {
talloc_free(tmp_ctx);
@@ -376,7 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
}
if (!file_exist(cafile)) {
- tls_cert_generate(params, keyfile, certfile, cafile);
+ char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
+ lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+ if (hostname == NULL) {
+ goto init_failed;
+ }
+ tls_cert_generate(params, hostname, keyfile, certfile, cafile);
+ talloc_free(hostname);
}
ret = gnutls_global_init();