/*
Bacula® - The Network Backup Solution
- Copyright (C) 2005-2007 Free Software Foundation Europe e.V.
+ Copyright (C) 2005-2008 Free Software Foundation Europe e.V.
The main author of Bacula is Kern Sibbald, with contributions from
many others, a complete list can be found in the file AUTHORS.
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
- Bacula® is a registered trademark of John Walker.
+ Bacula® is a registered trademark of Kern Sibbald.
The licensor of Bacula is the Free Software Foundation Europe
(FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
Switzerland, email:ftf@fsfeurope.org.
#include "bacula.h"
#include <assert.h>
-extern time_t watchdog_time;
#ifdef HAVE_TLS /* Is TLS enabled? */
X509_NAME_oneline(X509_get_issuer_name(cert), issuer, 256);
X509_NAME_oneline(X509_get_subject_name(cert), subject, 256);
- Jmsg5(get_jcr_from_tid(), M_ERROR, 0, _("Error with certificate at depth: %d, issuer = %s,"
- " subject = %s, ERR=%d:%s\n"), depth, issuer,
- subject, err, X509_verify_cert_error_string(err));
+ Jmsg5(NULL, M_ERROR, 0, _("Error with certificate at depth: %d, issuer = %s,"
+ " subject = %s, ERR=%d:%s\n"), depth, issuer,
+ subject, err, X509_verify_cert_error_string(err));
}
}
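Review bot: Passing `NULL` as the JCR to `Jmsg5` means a certificate verification failure is no longer explicitly attributed to the job whose connection triggered it, which may make a rejected peer certificate harder to correlate with a job during incident review. How `Jmsg5` routes a message with a `NULL` JCR is not visible here, so confirm this before merging. The same substitution is made in the two `Jmsg0` calls further down (missing verification store, cipher list failure). If no JCR can be resolved in this callback, a comment such as `/* no JCR is available here; the message is not tied to a job */` above the call would record that this is deliberate. The enclosing function starts outside the hunk.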
} else if (verify_peer) {
/* At least one CA is required for peer verification */
- Jmsg0(get_jcr_from_tid(), M_ERROR, 0, _("Either a certificate file or a directory must be"
+ Jmsg0(NULL, M_ERROR, 0, _("Either a certificate file or a directory must be"
" specified as a verification store\n"));
goto err;
}
}
if (SSL_CTX_set_cipher_list(ctx->openssl, TLS_DEFAULT_CIPHERS) != 1) {
- Jmsg0(get_jcr_from_tid(), M_ERROR, 0,
+ Jmsg0(NULL, M_ERROR, 0,
_("Error setting cipher list, no valid ciphers available\n"));
goto err;
}
* Returns: true on success
* false on failure
*/
-bool tls_postconnect_verify_cn(TLS_CONNECTION *tls, alist *verify_list)
+bool tls_postconnect_verify_cn(JCR *jcr, TLS_CONNECTION *tls, alist *verify_list)
{
SSL *ssl = tls->openssl;
X509 *cert;
/* Check if peer provided a certificate */
if (!(cert = SSL_get_peer_certificate(ssl))) {
- Jmsg0(get_jcr_from_tid(), M_ERROR, 0, _("Peer failed to present a TLS certificate\n"));
+ Qmsg0(jcr, M_ERROR, 0, _("Peer failed to present a TLS certificate\n"));
return false;
}
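Review bot: The header comment above `tls_postconnect_verify_cn` still documents only the return value, so the new `jcr` parameter and the switch from `Jmsg0` to `Qmsg0` are unexplained. I would add a line such as `* jcr: job the verification failure is reported against; state whether NULL is accepted` and a short why-comment on the `Qmsg0` call saying why the message is queued instead of sent directly. The same applies to `tls_postconnect_verify_host` in the next hunk. Both function bodies continue outside the visible lines, so whether the certificate returned by `SSL_get_peer_certificate` is released with `X509_free` on every path should be checked there.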
* Returns: true on success
* false on failure
*/
-bool tls_postconnect_verify_host(TLS_CONNECTION *tls, const char *host)
+bool tls_postconnect_verify_host(JCR *jcr, TLS_CONNECTION *tls, const char *host)
{
SSL *ssl = tls->openssl;
X509 *cert;
/* Check if peer provided a certificate */
if (!(cert = SSL_get_peer_certificate(ssl))) {
- Jmsg1(get_jcr_from_tid(), M_ERROR, 0,
+ Qmsg1(jcr, M_ERROR, 0,
_("Peer %s failed to present a TLS certificate\n"), host);
return false;
}
tv.tv_sec = 10;
tv.tv_usec = 0;
/* Block until we can read */
- select(fdmax, &fdset, NULL, &fdset, &tv);
+ select(fdmax, &fdset, NULL, NULL, &tv);
break;
case SSL_ERROR_WANT_WRITE:
/* If we timeout of a select, this will be unset */
tv.tv_sec = 10;
tv.tv_usec = 0;
/* Block until we can write */
- select(fdmax, NULL, &fdset, &fdset, &tv);
+ select(fdmax, NULL, &fdset, NULL, &tv);
break;
default:
- /* Socket Error Occured */
+ /* Socket Error Occurred */
openssl_post_errors(M_ERROR, _("Connect failure"));
stat = false;
goto cleanup;
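Review bot: Both rewritten `select()` calls discard the return value, so a timeout (0) and a hard error (-1) are handled exactly like a ready descriptor and control simply leaves the `case`. If the surrounding loop (outside this hunk) retries the handshake, a peer that stalls is only bounded by repeated 10-second waits and a failing descriptor is retried blindly. I would at least fail on a real error, e.g. `if (select(fdmax, &fdset, NULL, NULL, &tv) < 0 && errno != EINTR) { stat = false; goto cleanup; }`. The same unchecked calls are added in the `SSL_ERROR_WANT_READ` / `SSL_ERROR_WANT_WRITE` cases of the later read/write hunk. There, `FD_SET((unsigned)bsock->m_fd, &fdset)` also has no visible check that `m_fd` is below `FD_SETSIZE`, which is worth confirming.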
bsock->set_blocking();
err = SSL_shutdown(bsock->tls->openssl);
- if (err = 0) {
+ if (err == 0) {
/* Complete shutdown */
err = SSL_shutdown(bsock->tls->openssl);
}
break;
case SSL_ERROR_WANT_READ:
+ /* If we timeout on a select, this will be unset */
+ FD_SET((unsigned)bsock->m_fd, &fdset);
+ tv.tv_sec = 10;
+ tv.tv_usec = 0;
+ /* Block until we can read */
+ select(fdmax, &fdset, NULL, NULL, &tv);
+ break;
+
case SSL_ERROR_WANT_WRITE:
/* If we timeout on a select, this will be unset */
FD_SET((unsigned)bsock->m_fd, &fdset);
tv.tv_sec = 10;
tv.tv_usec = 0;
- /* Block until we can read or write */
- select(fdmax, NULL, &fdset, &fdset, &tv);
+ /* Block until we can write */
+ select(fdmax, NULL, &fdset, NULL, &tv);
break;
case SSL_ERROR_ZERO_RETURN: