fixed some of the TLS problems

This fixes two things in the TLS support for Samba4. The first is to
use a somewhat more correct hostname instead of 'Samba' when
generating the test certificates. That allows TLS test clients (such
as gnutls-cli) to connect to Samba4 using auto-generated certificates.

The second fix is to add a call to gcry_control() to tell gcrypt to
use /dev/urandom instead of /dev/random (on systems that support
that). That means that test certificate generation is now very fast,
which was previously an impediment to putting the TLS tests on the
build farm.

1 files changed, 8 insertions, 2 deletions

diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 99a15059ad..1014ab07a8 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -362,7 +362,7 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
 	const char *cafile = lp_tls_cafile(tmp_ctx, lp_ctx);
 	const char *crlfile = lp_tls_crlfile(tmp_ctx, lp_ctx);
 	const char *dhpfile = lp_tls_dhpfile(tmp_ctx, lp_ctx);
-	void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
+	void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *, const char *);
 	params = talloc(mem_ctx, struct tls_params);
 	if (params == NULL) {
 		talloc_free(tmp_ctx);
@@ -376,7 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
 	}
 
 	if (!file_exist(cafile)) {
-		tls_cert_generate(params, keyfile, certfile, cafile);
+		char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
+						 lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+		if (hostname == NULL) {
+			goto init_failed;
+		}
+		tls_cert_generate(params, hostname, keyfile, certfile, cafile);
+		talloc_free(hostname);
 	}
 
 	ret = gnutls_global_init();