/*
Bacula® - The Network Backup Solution
- Copyright (C) 2005-2010 Free Software Foundation Europe e.V.
+ Copyright (C) 2005-2014 Free Software Foundation Europe e.V.
- The main author of Bacula is Kern Sibbald, with contributions from
- many others, a complete list can be found in the file AUTHORS.
- This program is Free Software; you can redistribute it and/or
- modify it under the terms of version three of the GNU Affero General Public
- License as published by the Free Software Foundation and included
- in the file LICENSE.
+ The main author of Bacula is Kern Sibbald, with contributions from many
+ others, a complete list can be found in the file AUTHORS.
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- 02110-1301, USA.
+ You may use this file and others of this release according to the
+ license defined in the LICENSE file, which includes the Affero General
+ Public License, v3.0 ("AGPLv3") and some additional permissions and
+ terms pursuant to its AGPLv3 Section 7.
Bacula® is a registered trademark of Kern Sibbald.
- The licensor of Bacula is the Free Software Foundation Europe
- (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
- Switzerland, email:ftf@fsfeurope.org.
*/
/*
* tls.c TLS support functions
free(ctx);
}
-bool get_tls_require(TLS_CONTEXT *ctx)
+bool get_tls_require(TLS_CONTEXT *ctx)
{
return ctx->tls_require;
}
-bool get_tls_enable(TLS_CONTEXT *ctx)
+bool get_tls_enable(TLS_CONTEXT *ctx)
{
return ctx->tls_enable;
}
/* Check if peer provided a certificate */
if (!(cert = SSL_get_peer_certificate(ssl))) {
- Qmsg1(jcr, M_ERROR, 0,
+ Qmsg1(jcr, M_ERROR, 0,
_("Peer %s failed to present a TLS certificate\n"), host);
+ Dmsg1(250, _("Peer %s failed to present a TLS certificate\n"), host);
return false;
}
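Review bot: The added `Dmsg1` after the `Qmsg1` call wraps its format string in `_()`, while the other debug messages added in this change (`"Check DNS name\n"`, `"No DNS name match. Host=%s cert=%s\n"`) pass plain literals. Debug-level text is normally left untranslated so that traces from different locales can be searched with the same strings; I would write it as `Dmsg1(250, "Peer %s failed to present a TLS certificate\n", host);`. The enclosing function starts and ends outside this hunk.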
val = method->i2v(method, extstr, NULL);
/* dNSName shortname is "DNS" */
+ Dmsg0(250, "Check DNS name\n");
for (j = 0; j < sk_CONF_VALUE_num(val); j++) {
nval = sk_CONF_VALUE_value(val, j);
if (strcmp(nval->name, "DNS") == 0) {
auth_success = true;
goto success;
}
+ Dmsg2(250, "No DNS name match. Host=%s cert=%s\n", host, nval->value);
}
}
}
/* Try verifying against the subject name */
if (!auth_success) {
+ Dmsg0(250, "Check subject name name\n");
if ((subject = X509_get_subject_name(cert)) != NULL) {
/* Loop through all CNs */
for (;;) {
auth_success = true;
break;
}
+ Dmsg2(250, "No subject name match. Host=%s cert=%s\n", host, (const char*)asn1CN->data);
}
}
}
success:
X509_free(cert);
-
return auth_success;
}
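Review bot: The new `Dmsg2` in the CN loop prints `(const char*)asn1CN->data` with `%s`, which treats certificate-supplied bytes as a NUL-terminated C string. Nothing visible in the hunk (the comparison itself and the function's start lie outside it) establishes that, and a CN containing an embedded NUL would be logged truncated, hiding exactly the bytes an analyst needs to see when a match fails. I would bound the output by the recorded length, e.g. `Dmsg3(250, "No subject name match. Host=%s cert=%.*s\n", host, asn1CN->length, (const char*)asn1CN->data);` if the project's formatter accepts a `*` precision, and otherwise copy `asn1CN->length` bytes into a local buffer first. The `nval->value` printed by the DNS-name `Dmsg2` earlier in the function is peer-supplied as well, so both lines would benefit from escaping non-printable characters before they reach the trace file. Separately, `"Check subject name name\n"` repeats a word; `Dmsg0(250, "Check subject name\n");` reads correctly.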
bsock->clear_timed_out();
bsock->set_killable(false);
- for (;;) {
+ for (;;) {
if (server) {
err = SSL_accept(tls->openssl);
} else {
nleft = nbytes;
- while (nleft > 0) {
+ while (nleft > 0) {
if (write) {
nwritten = SSL_write(tls->openssl, ptr, nleft);
} else {
}
-int tls_bsock_writen(BSOCK *bsock, char *ptr, int32_t nbytes)
+int tls_bsock_writen(BSOCK *bsock, char *ptr, int32_t nbytes)
{
/* SSL_write(bsock->tls->openssl, ptr, nbytes) */
return openssl_bsock_readwrite(bsock, ptr, nbytes, true);
}
-int tls_bsock_readn(BSOCK *bsock, char *ptr, int32_t nbytes)
+int tls_bsock_readn(BSOCK *bsock, char *ptr, int32_t nbytes)
{
/* SSL_read(bsock->tls->openssl, ptr, nbytes) */
return openssl_bsock_readwrite(bsock, ptr, nbytes, false);
void free_tls_connection(TLS_CONNECTION *tls) { }
-bool get_tls_require(TLS_CONTEXT *ctx)
+bool get_tls_require(TLS_CONTEXT *ctx)
{
return false;
}
-bool get_tls_enable(TLS_CONTEXT *ctx)
+bool get_tls_enable(TLS_CONTEXT *ctx)
{
return false;
}