From b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 18 Feb 2009 14:46:57 +1100
Subject: fixed some of the TLS problems
This fixes two things in the TLS support for Samba4. The first is to use a somewhat more correct hostname instead of 'Samba' when generating the test certificates. That allows TLS test clients (such as gnutls-cli) to connect to Samba4 using auto-generated certificates. The second fix is to add a call to gcry_control() to tell gcrypt to use /dev/urandom instead of /dev/random (on systems that support that). That means that test certificate generation is now very fast, which was previously an impediment to putting the TLS tests on the build farm.
---
source4/lib/tls/tls.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'source4/lib/tls/tls.c')
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 99a15059ad..1014ab07a8 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -362,7 +362,7 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
 const char *cafile = lp_tls_cafile(tmp_ctx, lp_ctx);
 const char *crlfile = lp_tls_crlfile(tmp_ctx, lp_ctx);
 const char *dhpfile = lp_tls_dhpfile(tmp_ctx, lp_ctx);
- void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
+ void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *, const char *);
 params = talloc(mem_ctx, struct tls_params);
 if (params == NULL) {
 talloc_free(tmp_ctx);
@@ -376,7 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
 }
 if (!file_exist(cafile)) {
- tls_cert_generate(params, keyfile, certfile, cafile);
+ char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
+ lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+ if (hostname == NULL) {
+ goto init_failed;
+ }
+ tls_cert_generate(params, hostname, keyfile, certfile, cafile);
+ talloc_free(hostname);
 }
 ret = gnutls_global_init();
--
cgit
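Review bot: The block-scope prototype for `tls_cert_generate` in the first hunk is hand-maintained, so the compiler cannot check it against the definition, which is not part of this diff. This commit changes the argument count, and that is exactly the case where a stale copy elsewhere would silently pass the wrong arguments. Moving the declaration into a header that both the caller and the definition include would turn a mismatch into a compile error; if it must stay local, a comment such as `/* keep in sync with the definition of tls_cert_generate() */` would at least flag the coupling.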
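Review bot: The new `goto init_failed` in the second hunk is taken before `ret` is first assigned (`ret = gnutls_global_init();` follows the block), so if the `init_failed` label, which lies outside this hunk, reports `ret`, it would read an indeterminate value. Setting `ret = GNUTLS_E_MEMORY_ERROR;` before the jump, or returning through a separate path, would avoid that. The certificate name is also built from `lp_netbios_name()` and `lp_realm()` without checking either; with an empty realm the result would presumably be a trailing-dot name like `HOST.` that verifying clients will not match, so a fallback to the bare name is worth considering. Allocating `hostname` on `tmp_ctx` instead of `mem_ctx` would make it consistent with the other temporaries in `tls_initialise` and would not rely on the explicit `talloc_free(hostname)`.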