From ce9e278a96b6d160309fd176a3f0a047f13d9c48 Mon Sep 17 00:00:00 2001
From: Kern Sibbald
Date: Tue, 3 May 2005 17:21:43 +0000
Subject: [PATCH] Make a few tls ifdef tweaks

git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@1988 91ce42f0-d328-0410-95d8-f526ca767f89
---
 bacula/src/dird/dird.c | 194 ++++++++++++++++++-------------------
 bacula/src/filed/filed.c | 101 ++++++++++---------
 bacula/src/lib/protos.h | 29 +++---
 bacula/src/lib/tls.c | 2 +
 bacula/src/stored/stored.c | 121 +++++++++++------------
 5 files changed, 219 insertions(+), 228 deletions(-)

diff --git a/bacula/src/dird/dird.c b/bacula/src/dird/dird.c
index c1909f8c4e..fd0584ee69 100644
--- a/bacula/src/dird/dird.c
+++ b/bacula/src/dird/dird.c
@@ -284,9 +284,7 @@ static void terminate_dird(int sig)
 term_ua_server();
 term_msg(); /* terminate message handler */
 stop_watchdog();
-#ifdef HAVE_TLS
 cleanup_tls();
-#endif
 close_memory_pool(); /* release free memory in pool */
 sm_dump(false);
 exit(sig);
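Review bot: The now-unconditional `cleanup_tls();` call in terminate_dird() gives no hint that it does nothing in a build without HAVE_TLS, where it resolves to the stub this patch adds to lib/tls.c. A trailing comment would keep that visible at the call site: `cleanup_tls(); /* no-op stub when built without HAVE_TLS */`. The same applies to the identical changes in terminate_filed() (filed.c) and terminate_stored() (stored.c). The int result is dropped in all three places, which looks acceptable right before exit(sig) but is worth stating; terminate_dird's body starts and ends outside this hunk.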
@@ -501,45 +499,45 @@ static int check_resources() #ifdef HAVE_TLS /* tls_require implies tls_enable */ if (director->tls_require) { - director->tls_enable = true; + director->tls_enable = true; } if (!director->tls_certfile && director->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; } if (!director->tls_keyfile && director->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; } if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" - " Certificate Dir\" are defined for Director \"%s\" in %s." - " At least one CA certificate store is required" - " when using \"TLS Verify Peer\".\n"), - director->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" + " Certificate Dir\" are defined for Director \"%s\" in %s." 
+ " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + director->hdr.name, configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ if (OK && (director->tls_enable || director->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - director->tls_ctx = new_tls_context(director->tls_ca_certfile, - director->tls_ca_certdir, director->tls_certfile, - director->tls_keyfile, NULL, NULL, director->tls_dhfile, - director->tls_verify_peer); - - if (!director->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; - } + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + director->tls_ctx = new_tls_context(director->tls_ca_certfile, + director->tls_ca_certdir, director->tls_certfile, + director->tls_keyfile, NULL, NULL, director->tls_dhfile, + director->tls_verify_peer); + + if (!director->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; + } } #endif /* HAVE_TLS */ } 
@@ -711,33 +709,33 @@ static int check_resources() } #ifdef HAVE_TLS - /* tls_require implies tls_enable */ - if (store->tls_require) { - store->tls_enable = true; - } - - if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"), - store->hdr.name, configfile); - OK = false; - } - - /* If everything is well, attempt to initialize our per-resource TLS context */ - if (OK && (store->tls_enable || store->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - store->tls_ctx = new_tls_context(store->tls_ca_certfile, - store->tls_ca_certdir, store->tls_certfile, - store->tls_keyfile, NULL, NULL, NULL, true); - - if (!store->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), - store->hdr.name, configfile); - OK = false; - } - } + /* tls_require implies tls_enable */ + if (store->tls_require) { + store->tls_enable = true; + } + + if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"), + store->hdr.name, configfile); + OK = false; + } + + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (store->tls_enable || store->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + store->tls_ctx = new_tls_context(store->tls_ca_certfile, + store->tls_ca_certdir, store->tls_certfile, + store->tls_keyfile, NULL, NULL, NULL, true); + + if (!store->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), + 
store->hdr.name, configfile); + OK = false; + } + } #endif /* HAVE_TLS */ } 
@@ -776,43 +774,43 @@ static int check_resources() foreach_res(cons, R_CONSOLE) { /* tls_require implies tls_enable */ if (cons->tls_require) { - cons->tls_enable = true; + cons->tls_enable = true; } if (!cons->tls_certfile && cons->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"), - cons->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"), + cons->hdr.name, configfile); + OK = false; } if (!cons->tls_keyfile && cons->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"), - cons->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"), + cons->hdr.name, configfile); + OK = false; } if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir) && cons->tls_enable && cons->tls_verify_peer) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" - " Certificate Dir\" are defined for Console \"%s\" in %s." - " At least one CA certificate store is required" - " when using \"TLS Verify Peer\".\n"), - cons->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" + " Certificate Dir\" are defined for Console \"%s\" in %s." 
+ " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + cons->hdr.name, configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ if (OK && (cons->tls_enable || cons->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - cons->tls_ctx = new_tls_context(cons->tls_ca_certfile, - cons->tls_ca_certdir, cons->tls_certfile, - cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer); - - if (!cons->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), - cons->hdr.name, configfile); - OK = false; - } + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + cons->tls_ctx = new_tls_context(cons->tls_ca_certfile, + cons->tls_ca_certdir, cons->tls_certfile, + cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer); + + if (!cons->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), + cons->hdr.name, configfile); + OK = false; + } } } 
@@ -824,31 +822,31 @@ static int check_resources() foreach_res(client, R_CLIENT) { /* tls_require implies tls_enable */ if (client->tls_require) { - client->tls_enable = true; + client->tls_enable = true; } if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && client->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"), - client->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"), + client->hdr.name, configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ if (OK && (client->tls_enable || client->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - client->tls_ctx = new_tls_context(client->tls_ca_certfile, - client->tls_ca_certdir, client->tls_certfile, - client->tls_keyfile, NULL, NULL, NULL, - true); - - if (!client->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), - client->hdr.name, configfile); - OK = false; - } + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + client->tls_ctx = new_tls_context(client->tls_ca_certfile, + client->tls_ca_certdir, client->tls_certfile, + client->tls_keyfile, NULL, NULL, NULL, + true); + + if (!client->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), + client->hdr.name, configfile); + OK = false; + } } } #endif /* HAVE_TLS */ diff --git a/bacula/src/filed/filed.c b/bacula/src/filed/filed.c index 688a3e4ce5..7f6fb12ff7 100644 --- a/bacula/src/filed/filed.c +++ b/bacula/src/filed/filed.c 
@@ -262,9 +262,7 @@ void terminate_filed(int sig) free_config_resources(); term_msg(); stop_watchdog(); -#ifdef HAVE_TLS cleanup_tls(); -#endif close_memory_pool(); /* release free memory in pool */ sm_dump(false); /* dump orphaned buffers */ exit(sig); 
@@ -288,45 +286,45 @@ static int check_resources() OK = false; } else { if (GetNextRes(R_CLIENT, (RES *) me) != NULL) { - Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"), - configfile); - OK = false; + Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"), + configfile); + OK = false; } my_name_is(0, NULL, me->hdr.name); if (!me->messages) { - me->messages = (MSGS *)GetNextRes(R_MSGS, NULL); + me->messages = (MSGS *)GetNextRes(R_MSGS, NULL); if (!me->messages) { Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile); - OK = false; + OK = false; } } #ifdef HAVE_TLS /* tls_require implies tls_enable */ if (me->tls_require) { - me->tls_enable = true; + me->tls_enable = true; } if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && me->tls_enable) { - Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"), - configfile); - OK = false; + Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"), + configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ if (OK && (me->tls_enable || me->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - me->tls_ctx = new_tls_context(me->tls_ca_certfile, - me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile, - NULL, NULL, NULL, true); - - if (!me->tls_ctx) { - Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), - me->hdr.name, configfile); - OK = false; - } + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + me->tls_ctx = new_tls_context(me->tls_ca_certfile, + me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile, + NULL, NULL, NULL, true); + + if 
(!me->tls_ctx) { + Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), + me->hdr.name, configfile); + OK = false; + } } #endif /* HAVE_TLS */ @@ -339,7 +337,7 @@ static int check_resources() UnlockRes(); if (!director) { Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"), - configfile); + configfile); OK = false; } 
@@ -347,45 +345,45 @@ static int check_resources() foreach_res(director, R_DIRECTOR) { /* tls_require implies tls_enable */ if (director->tls_require) { - director->tls_enable = true; + director->tls_enable = true; } if (!director->tls_certfile && director->tls_enable) { - Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; + Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; } if (!director->tls_keyfile && director->tls_enable) { - Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; + Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; } if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) { - Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s." - " At least one CA certificate store is required" - " when using \"TLS Verify Peer\".\n"), - director->hdr.name, configfile); - OK = false; + Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s." 
+ " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + director->hdr.name, configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ if (OK && (director->tls_enable || director->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - director->tls_ctx = new_tls_context(director->tls_ca_certfile, - director->tls_ca_certdir, director->tls_certfile, - director->tls_keyfile, NULL, NULL, director->tls_dhfile, - director->tls_verify_peer); - - if (!director->tls_ctx) { - Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; - } + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + director->tls_ctx = new_tls_context(director->tls_ca_certfile, + director->tls_ca_certdir, director->tls_certfile, + director->tls_keyfile, NULL, NULL, director->tls_dhfile, + director->tls_verify_peer); + + if (!director->tls_ctx) { + Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; + } } } #endif /* HAVE_TLS */ @@ -399,4 +397,3 @@ static int check_resources() return OK; } - diff --git a/bacula/src/lib/protos.h b/bacula/src/lib/protos.h index ba13ad44bf..6941263c4d 100644 --- a/bacula/src/lib/protos.h +++ b/bacula/src/lib/protos.h @@ -72,7 +72,7 @@ bool bnet_set_buffer_size (BSOCK *bs, uint32_t size, int rw); bool bnet_sig (BSOCK *bs, int sig); #ifdef HAVE_TLS int bnet_tls_server (TLS_CONTEXT *ctx, BSOCK *bsock, - alist *verify_list); + alist *verify_list); int bnet_tls_client (TLS_CONTEXT *ctx, BSOCK *bsock); #endif /* HAVE_TLS */ BSOCK * bnet_connect (JCR *jcr, int retry_interval, 
@@ -206,29 +206,30 @@ int bsscanf(const char *buf, const char *fmt, ...); /* tls.c */ -#ifdef HAVE_TLS int init_tls (void); int cleanup_tls (void); + +#ifdef HAVE_TLS TLS_CONTEXT *new_tls_context (const char *ca_certfile, const char *ca_certdir, - const char *certfile, - const char *keyfile, - TLS_PEM_PASSWD_CB *pem_callback, - const void *pem_userdata, - const char *dhfile, - bool verify_peer); + const char *certfile, + const char *keyfile, + TLS_PEM_PASSWD_CB *pem_callback, + const void *pem_userdata, + const char *dhfile, + bool verify_peer); void free_tls_context (TLS_CONTEXT *ctx); -bool tls_postconnect_verify_host (TLS_CONNECTION *tls, - const char *host); -bool tls_postconnect_verify_cn (TLS_CONNECTION *tls, - alist *verify_list); +bool tls_postconnect_verify_host (TLS_CONNECTION *tls, + const char *host); +bool tls_postconnect_verify_cn (TLS_CONNECTION *tls, + alist *verify_list); TLS_CONNECTION *new_tls_connection (TLS_CONTEXT *ctx, int fd); void free_tls_connection (TLS_CONNECTION *tls); bool tls_bsock_connect (BSOCK *bsock); bool tls_bsock_accept (BSOCK *bsock); void tls_bsock_shutdown (BSOCK *bsock); -int tls_bsock_writen (BSOCK *bsock, char *ptr, int32_t nbytes); -int tls_bsock_readn (BSOCK *bsock, char *ptr, int32_t nbytes); +int tls_bsock_writen (BSOCK *bsock, char *ptr, int32_t nbytes); +int tls_bsock_readn (BSOCK *bsock, char *ptr, int32_t nbytes); #endif /* HAVE_TLS */ diff --git a/bacula/src/lib/tls.c b/bacula/src/lib/tls.c index 01045b78bb..0401dee39b 100644 --- a/bacula/src/lib/tls.c +++ b/bacula/src/lib/tls.c @@ -925,7 +925,9 @@ int cleanup_tls (void) #else +/* Dummy routines */ int init_tls(void) { return 0; } +int cleanup_tls (void) { return 0; } #endif /* HAVE_TLS */ diff --git a/bacula/src/stored/stored.c b/bacula/src/stored/stored.c index a20be7cf50..49ff47b2df 100644 --- a/bacula/src/stored/stored.c +++ b/bacula/src/stored/stored.c 
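Review bot: Both stubs in the `#else` branch of tls.c return 0, and the new `/* Dummy routines */` comment does not say what that value means, so a caller cannot tell a build without HAVE_TLS from one where TLS setup ran. If the configuration parser still accepts the TLS directives in such a build (not visible in this patch), a resource marked "TLS Require" would start with no TLS check at all, because the validation in check_resources() is compiled out under the same macro. I would expand the comment to `/* Dummy routines for builds without TLS: nothing to initialize or free, always return 0 */` and consider rejecting TLS directives outright in a non-TLS build. The real cleanup_tls() ends just above this hunk, outside the visible lines.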
@@ -262,10 +262,6 @@ static int check_resources() { bool OK = true; AUTOCHANGER *changer; -#ifdef HAVE_TLS - DIRRES *director; - STORES *store; -#endif LockRes(); @@ -297,7 +293,7 @@ static int check_resources() if (!me->messages) { Jmsg1(NULL, M_ERROR, 0, _("No Messages resource defined in %s. Cannot continue.\n"), configfile); - OK = false; + OK = false; } } 
@@ -308,96 +304,95 @@ static int check_resources() } #ifdef HAVE_TLS + DIRRES *director; + STORES *store; foreach_res(store, R_STORAGE) { /* tls_require implies tls_enable */ if (store->tls_require) { - store->tls_enable = true; + store->tls_enable = true; } if (!store->tls_certfile && store->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Storage \"%s\" in %s.\n"), - store->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Storage \"%s\" in %s.\n"), + store->hdr.name, configfile); + OK = false; } if (!store->tls_keyfile && store->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Storage \"%s\" in %s.\n"), - store->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Storage \"%s\" in %s.\n"), + store->hdr.name, configfile); + OK = false; } if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable && store->tls_verify_peer) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s." - " At least one CA certificate store is required" - " when using \"TLS Verify Peer\".\n"), - store->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s." 
+ " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + store->hdr.name, configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ if (OK && (store->tls_enable || store->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - store->tls_ctx = new_tls_context(store->tls_ca_certfile, - store->tls_ca_certdir, store->tls_certfile, - store->tls_keyfile, NULL, NULL, store->tls_dhfile, - store->tls_verify_peer); - - if (!store->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), - store->hdr.name, configfile); - OK = false; - } + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + store->tls_ctx = new_tls_context(store->tls_ca_certfile, + store->tls_ca_certdir, store->tls_certfile, + store->tls_keyfile, NULL, NULL, store->tls_dhfile, + store->tls_verify_peer); + + if (!store->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), + store->hdr.name, configfile); + OK = false; + } } } -#endif /* HAVE_TLS */ - -#ifdef HAVE_TLS foreach_res(director, R_DIRECTOR) { /* tls_require implies tls_enable */ if (director->tls_require) { - director->tls_enable = true; + director->tls_enable = true; } if (!director->tls_certfile && director->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; } if (!director->tls_keyfile && director->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), - 
director->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; } if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s." - " At least one CA certificate store is required" - " when using \"TLS Verify Peer\".\n"), - director->hdr.name, configfile); - OK = false; + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s." + " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + director->hdr.name, configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ if (OK && (director->tls_enable || director->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - director->tls_ctx = new_tls_context(director->tls_ca_certfile, - director->tls_ca_certdir, director->tls_certfile, - director->tls_keyfile, NULL, NULL, director->tls_dhfile, - director->tls_verify_peer); - - if (!director->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; - } + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + director->tls_ctx = new_tls_context(director->tls_ca_certfile, + director->tls_ca_certdir, director->tls_certfile, + director->tls_keyfile, NULL, NULL, director->tls_dhfile, + director->tls_verify_peer); + + if (!director->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director 
\"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; + } } } #endif /* HAVE_TLS */ @@ -415,8 +410,8 @@ static int check_resources() Jmsg(NULL, M_ERROR, 0, _("Media Type not the same for all devices in changer %s. Cannot continue.\n"), changer->hdr.name); - OK = false; - continue; + OK = false; + continue; } /* * If the device does not have a changer name or changer command @@ -563,9 +558,7 @@ void terminate_stored(int sig) } term_msg(); stop_watchdog(); -#ifdef HAVE_TLS cleanup_tls(); -#endif close_memory_pool(); sm_dump(false); /* dump orphaned buffers */ -- 2.39.5
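Review bot: `DIRRES *director;` and `STORES *store;` are now declared in the middle of check_resources(), after executable statements, at the top of the `#ifdef HAVE_TLS` section. That is accepted only by a C++ or C99-and-later compiler, and which one builds stored.c is not visible in this patch, so it is worth confirming. Declaring each pointer directly above the loop that uses it, or opening a brace scope after the `#ifdef`, would keep the scope tight and the intent obvious, e.g. `STORES *store; /* only used by the TLS checks below */`. Separately, `store->tls_enable || store->tls_require` is redundant here because tls_require already forces tls_enable at the top of each loop. check_resources() begins and ends outside this hunk.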