* under an alternate open source license please contact
* Landon Fuller <landonf@threerings.net>.
*/
-/*
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
+/*
+ Copyright (C) 2005 Kern Sibbald
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ version 2 as amended with additional clauses defined in the
+ file LICENSE in the main source directory.
+
+ This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- MA 02111-1307, USA.
- */
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
+ */
#include "bacula.h"
#include <assert.h>
X509V3_EXT_METHOD *method;
STACK_OF(CONF_VALUE) *val;
CONF_VALUE *nval;
- unsigned char *data;
void *extstr = NULL;
+#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
+ const unsigned char *ext_value_data;
+#else
+ unsigned char *ext_value_data;
+#endif
/* Get x509 extension method structure */
if (!(method = X509V3_EXT_get(ext))) {
break;
}
- data = ext->value->data;
+ ext_value_data = ext->value->data;
#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
if (method->it) {
/* New style ASN1 */
/* Decode ASN1 item in data */
- extstr = ASN1_item_d2i(NULL, &data, ext->value->length,
+ extstr = ASN1_item_d2i(NULL, &ext_value_data, ext->value->length,
ASN1_ITEM_ptr(method->it));
} else {
/* Old style ASN1 */
/* Decode ASN1 item in data */
- extstr = method->d2i(NULL, &data, ext->value->length);
+ extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
}
#else
- extstr = method->d2i(NULL, &data, ext->value->length);
+ extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
#endif
/* Iterate through to find the dNSName field(s) */
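Review bot: Nothing in the visible lines after the `#endif` checks `extstr`, although both `ASN1_item_d2i()` and `method->d2i()` return NULL when the extension bytes do not decode, and those bytes come from the peer's certificate. A guard such as `if (!extstr) { break; }`, mirroring the existing `X509V3_EXT_get()` check, should sit before the dNSName iteration. The hunk ends at the iteration comment, so such a check may already exist just below; that is worth confirming. It is also worth confirming that the decoded object is released after the name comparison, since that code is outside the hunk as well.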
bio = BIO_new(BIO_s_socket());
if (!bio) {
/* Not likely, but never say never */
- openssl_post_errors(M_ERROR, "Error creating file descriptor-based BIO");
+ openssl_post_errors(M_ERROR, _("Error creating file descriptor-based BIO"));
return NULL; /* Nothing allocated, nothing to clean up */
}
BIO_set_fd(bio, fd, BIO_NOCLOSE);
/* Create the SSL object and attach the socket BIO */
if ((tls->openssl = SSL_new(ctx->openssl)) == NULL) {
/* Not likely, but never say never */
- openssl_post_errors(M_ERROR, "Error creating new SSL object");
+ openssl_post_errors(M_ERROR, _("Error creating new SSL object"));
goto err;
}
/* Zero the fdset, we'll set our fd prior to each invocation of select() */
FD_ZERO(&fdset);
- tv.tv_sec = 10;
- tv.tv_usec = 0;
fdmax = bsock->fd + 1;
/* Ensure that socket is non-blocking */
/* Handle errors */
switch (SSL_get_error(tls->openssl, err)) {
- case SSL_ERROR_NONE:
- stat = true;
- goto cleanup;
- case SSL_ERROR_ZERO_RETURN:
- /* TLS connection was cleanly shut down */
- openssl_post_errors(M_ERROR, "Connect failure");
- stat = false;
- goto cleanup;
- case SSL_ERROR_WANT_READ:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->fd, &fdset);
- /* Block until we can read */
- select(fdmax, &fdset, NULL, &fdset, &tv);
- break;
- case SSL_ERROR_WANT_WRITE:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->fd, &fdset);
- /* Block until we can write */
- select(fdmax, NULL, &fdset, &fdset, &tv);
- break;
- default:
- /* Socket Error Occured */
- openssl_post_errors(M_ERROR, "Connect failure");
- stat = false;
- goto cleanup;
+ case SSL_ERROR_NONE:
+ stat = true;
+ goto cleanup;
+ case SSL_ERROR_ZERO_RETURN:
+ /* TLS connection was cleanly shut down */
+ openssl_post_errors(M_ERROR, _("Connect failure"));
+ stat = false;
+ goto cleanup;
+ case SSL_ERROR_WANT_READ:
+ /* If we timeout of a select, this will be unset */
+ FD_SET((unsigned) bsock->fd, &fdset);
+ /* Set our timeout */
+ tv.tv_sec = 10;
+ tv.tv_usec = 0;
+ /* Block until we can read */
+ select(fdmax, &fdset, NULL, &fdset, &tv);
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ /* If we timeout of a select, this will be unset */
+ FD_SET((unsigned) bsock->fd, &fdset);
+ /* Set our timeout */
+ tv.tv_sec = 10;
+ tv.tv_usec = 0;
+ /* Block until we can write */
+ select(fdmax, NULL, &fdset, &fdset, &tv);
+ break;
+ default:
+ /* Socket Error Occured */
+ openssl_post_errors(M_ERROR, _("Connect failure"));
+ stat = false;
+ goto cleanup;
}
if (bsock->timed_out) {
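Review bot: In the `SSL_ERROR_WANT_READ` and `SSL_ERROR_WANT_WRITE` arms, `FD_SET((unsigned) bsock->fd, &fdset)` runs with no check that the descriptor is below `FD_SETSIZE`. On POSIX builds that is undefined behaviour and in practice an out-of-bounds write past `fdset` once the process holds enough open descriptors; a guard before the switch such as `if (bsock->fd < 0 || bsock->fd >= FD_SETSIZE) { stat = false; goto cleanup; }` would fail closed. The return value of `select()` is also discarded, so a timeout or an error cannot be told apart from readiness, and the same `&fdset` is passed as both the read (or write) set and the exception set even though POSIX declares those parameters `restrict`. The same points apply to the identical switch in the following hunk, the one on `SSL_get_error(tls->openssl, nwritten)`. The enclosing functions start and end outside these hunks.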
/* Zero the fdset, we'll set our fd prior to each invocation of select() */
FD_ZERO(&fdset);
- tv.tv_sec = 10;
- tv.tv_usec = 0;
fdmax = bsock->fd + 1;
/* Ensure that socket is non-blocking */
/* Handle errors */
switch (SSL_get_error(tls->openssl, nwritten)) {
- case SSL_ERROR_NONE:
- nleft -= nwritten;
- if (nleft) {
- ptr += nwritten;
- }
- break;
- case SSL_ERROR_ZERO_RETURN:
- /* TLS connection was cleanly shut down */
- openssl_post_errors(M_ERROR, _("TLS read/write failure."));
- goto cleanup;
- case SSL_ERROR_WANT_READ:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->fd, &fdset);
- /* Block until we can read */
- select(fdmax, &fdset, NULL, &fdset, &tv);
- break;
- case SSL_ERROR_WANT_WRITE:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->fd, &fdset);
- /* Block until we can write */
- select(fdmax, NULL, &fdset, &fdset, &tv);
- break;
- default:
- /* Socket Error Occured */
- openssl_post_errors(M_ERROR, _("TLS read/write failure."));
- goto cleanup;
+ case SSL_ERROR_NONE:
+ nleft -= nwritten;
+ if (nleft) {
+ ptr += nwritten;
+ }
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ /* TLS connection was cleanly shut down */
+ openssl_post_errors(M_ERROR, _("TLS read/write failure."));
+ goto cleanup;
+ case SSL_ERROR_WANT_READ:
+ /* If we timeout of a select, this will be unset */
+ FD_SET((unsigned) bsock->fd, &fdset);
+ tv.tv_sec = 10;
+ tv.tv_usec = 0;
+ /* Block until we can read */
+ select(fdmax, &fdset, NULL, &fdset, &tv);
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ /* If we timeout of a select, this will be unset */
+ FD_SET((unsigned) bsock->fd, &fdset);
+ tv.tv_sec = 10;
+ tv.tv_usec = 0;
+ /* Block until we can write */
+ select(fdmax, NULL, &fdset, &fdset, &tv);
+ break;
+ default:
+ /* Socket Error Occured */
+ openssl_post_errors(M_ERROR, _("TLS read/write failure."));
+ goto cleanup;
}
/* Everything done? */
dynlock = (struct CRYPTO_dynlock_value *) malloc(sizeof(struct CRYPTO_dynlock_value));
if ((stat = pthread_mutex_init(&dynlock->mutex, NULL)) != 0) {
- Emsg1(M_ABORT, 0, "Unable to init mutex: ERR=%s\n", strerror(stat));
+ Emsg1(M_ABORT, 0, _("Unable to init mutex: ERR=%s\n"), strerror(stat));
}
return dynlock;
int stat;
if ((stat = pthread_mutex_destroy(&dynlock->mutex)) != 0) {
- Emsg1(M_ABORT, 0, "Unable to destroy mutex: ERR=%s\n", strerror(stat));
+ Emsg1(M_ABORT, 0, _("Unable to destroy mutex: ERR=%s\n"), strerror(stat));
}
free(dynlock);
mutexes = (pthread_mutex_t *) malloc(numlocks * sizeof(pthread_mutex_t));
for (i = 0; i < numlocks; i++) {
if ((stat = pthread_mutex_init(&mutexes[i], NULL)) != 0) {
- Emsg1(M_ERROR, 0, "Unable to init mutex: ERR=%s\n", strerror(stat));
+ Emsg1(M_ERROR, 0, _("Unable to init mutex: ERR=%s\n"), strerror(stat));
return stat;
}
}
for (i = 0; i < numlocks; i++) {
if ((stat = pthread_mutex_destroy(&mutexes[i])) != 0) {
/* We don't halt execution, reporting the error should be sufficient */
- Emsg1(M_ERROR, 0, "Unable to destroy mutex: ERR=%s\n", strerror(stat));
+ Emsg1(M_ERROR, 0, _("Unable to destroy mutex: ERR=%s\n"), strerror(stat));
}
}
int stat;
if ((stat = openssl_init_threads()) != 0) {
- Emsg1(M_ABORT, 0, "Unable to init OpenSSL threading: ERR=%s\n", strerror(stat));
+ Emsg1(M_ABORT, 0, _("Unable to init OpenSSL threading: ERR=%s\n"), strerror(stat));
}
/* Load libssl and libcrypto human-readable error strings */
/* Dummy routines */
int init_tls(void) { return 0; }
int cleanup_tls (void) { return 0; }
-
+TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
+ const char *certfile, const char *keyfile,
+ TLS_PEM_PASSWD_CB *pem_callback,
+ const void *pem_userdata, const char *dhfile,
+ bool verify_peer)
+{
+ return NULL;
+}
+void free_tls_context(TLS_CONTEXT *ctx) { }
#endif /* HAVE_TLS */
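Review bot: The non-TLS stub of `new_tls_context()` returns NULL for every call, including one with `verify_peer` set, and nothing here documents that NULL means "TLS not compiled in" rather than a configuration error. I would add a comment above it along the lines of `/* Built without HAVE_TLS: always fails. Callers must treat NULL as an error and must not continue in cleartext when TLS was requested. */`. Whether the callers check the result cannot be seen from this hunk. The neighbouring `init_tls()` stub reports success (`return 0`) in the same build, so the NULL from this function appears to be the only signal a caller gets.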