+ Jmsg1(NULL, M_ERROR, 0, _("No Working Directory defined in %s. Cannot continue.\n"),
+ configfile);
+ OK = false;
+ }
+
+ DIRRES *director;
+ STORES *store;
+ foreach_res(store, R_STORAGE) {
+ /* tls_require implies tls_enable */
+ if (store->tls_require) {
+ if (have_tls) {
+ store->tls_enable = true;
+ } else {
+ Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
+ OK = false;
+ continue;
+ }
+ }
+
+ tls_needed = store->tls_enable || store->tls_authenticate;
+
+ if (!store->tls_certfile && tls_needed) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Storage \"%s\" in %s.\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+
+ if (!store->tls_keyfile && tls_needed) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Storage \"%s\" in %s.\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+
+ if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && tls_needed && store->tls_verify_peer) {
+ Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
+ " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s."
+ " At least one CA certificate store is required"
+ " when using \"TLS Verify Peer\".\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+
+ /* If everything is well, attempt to initialize our per-resource TLS context */
+ if (OK && (tls_needed || store->tls_require)) {
+ /* Initialize TLS context:
+ * Args: CA certfile, CA certdir, Certfile, Keyfile,
+ * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
+ store->tls_ctx = new_tls_context(store->tls_ca_certfile,
+ store->tls_ca_certdir, store->tls_certfile,
+ store->tls_keyfile, NULL, NULL, store->tls_dhfile,
+ store->tls_verify_peer);
+
+ if (!store->tls_ctx) {
+ Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+ }
+ }
+
+ foreach_res(director, R_DIRECTOR) {
+ /* tls_require implies tls_enable */
+ if (director->tls_require) {
+ director->tls_enable = true;
+ }
+
+ tls_needed = director->tls_enable || director->tls_authenticate;
+
+ if (!director->tls_certfile && tls_needed) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ if (!director->tls_keyfile && tls_needed) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && tls_needed && director->tls_verify_peer) {
+ Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
+ " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
+ " At least one CA certificate store is required"
+ " when using \"TLS Verify Peer\".\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ /* If everything is well, attempt to initialize our per-resource TLS context */
+ if (OK && (tls_needed || director->tls_require)) {
+ /* Initialize TLS context:
+ * Args: CA certfile, CA certdir, Certfile, Keyfile,
+ * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
+ director->tls_ctx = new_tls_context(director->tls_ca_certfile,
+ director->tls_ca_certdir, director->tls_certfile,
+ director->tls_keyfile, NULL, NULL, director->tls_dhfile,
+ director->tls_verify_peer);
+
+ if (!director->tls_ctx) {
+ Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+ }