From 60df2a09a4394d2b494224ad3d33314079e73066 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Fri, 22 Mar 2024 16:20:18 +1300 Subject: [PATCH] selftest: move some more expected failures to expectedfail.d Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224 --- selftest/expectedfail.d/ldap-tlsverifypeer | 10 ++++++++++ selftest/knownfail | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 selftest/expectedfail.d/ldap-tlsverifypeer diff --git a/selftest/expectedfail.d/ldap-tlsverifypeer b/selftest/expectedfail.d/ldap-tlsverifypeer new file mode 100644 index 00000000000..d124487cdde --- /dev/null +++ b/selftest/expectedfail.d/ldap-tlsverifypeer @@ -0,0 +1,10 @@ +# These are supposed to fail as we want to verify the "tls verify peer" +# restrictions. Note that fl2008r2dc uses a self-signed certificate +# with does not have a crl file. +# +^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name_if_available\( +^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name\( +^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=as_strict_as_possible\( +^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=ca_and_name\( +^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=as_strict_as_possible\( +^samba4.ldb.simple.ldaps.*SERVER.REALM.*tlsverifypeer=as_strict_as_possible.*fl2008r2dc diff --git a/selftest/knownfail b/selftest/knownfail index 74698369157..77f5d5d5be6 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -317,16 +317,6 @@ ^samba4.ldb.simple.ldap with SIMPLE-BIND.*ad_dc_ntvfs # ldap server require strong auth = allow_sasl_over_tls ^samba4.ldb.simple.ldap with SIMPLE-BIND.*fl2003dc # ldap server require strong auth = yes ^samba4.ldb.simple.ldaps with SASL-BIND.*fl2003dc # ldap server require strong auth = yes -# These are supposed to fail as we want to verify the "tls verify peer" -# restrictions. Note that fl2008r2dc uses a self-signed certificate -# with does not have a crl file. -# -^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name_if_available\( -^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=ca_and_name\( -^samba4.ldb.simple.ldaps.*SERVER_NAME.*tlsverifypeer=as_strict_as_possible\( -^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=ca_and_name\( -^samba4.ldb.simple.ldaps.*SERVER_IP.*tlsverifypeer=as_strict_as_possible\( -^samba4.ldb.simple.ldaps.*SERVER.REALM.*tlsverifypeer=as_strict_as_possible.*fl2008r2dc # # we don't allow auth_level_connect anymore... #