bsock: splitted tls handshake into client and server
franku committed Jun 8, 2018
1 parent 2c32c77 commit e0a3e5d
Showing 2 changed files with 53 additions and 27 deletions.
72 changes: 45 additions & 27 deletions core/src/lib/bsock.cc
Expand Up @@ -367,34 +367,9 @@ bool BareosSocket::DoTlsHandshake(uint32_t remote_tls_policy,
selected_local_tls = SelectTlsFromPolicy(tls_configuration, remote_tls_policy);
if (selected_local_tls != nullptr) {
if (initiated_by_remote) {
std::shared_ptr<TLS_CONTEXT> tls_ctx = selected_local_tls->CreateServerContext(
std::make_shared<PskCredentials>(identity, password));
if (jcr) {
jcr->tls_ctx = tls_ctx;
}
alist *verify_list = NULL;
if (selected_local_tls->GetVerifyPeer()) {
verify_list = selected_local_tls->GetVerifyList();
}
if (!BnetTlsServer(tls_ctx, this, verify_list)) {
Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
Dmsg0(debuglevel, "TLS negotiation failed.\n");
return false;
}
DoTlsHandshakeWithClient(selected_local_tls, identity, password, jcr);
} else {
std::shared_ptr<TLS_CONTEXT> tls_ctx = selected_local_tls->CreateClientContext(
std::make_shared<PskCredentials>(identity, password));
if (jcr) {
jcr->tls_ctx = tls_ctx;
}
if (!BnetTlsClient(tls_ctx,
this,
selected_local_tls->GetVerifyPeer(),
selected_local_tls->GetVerifyList())) {
Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
Dmsg0(debuglevel, "TLS negotiation failed.\n");
return false;
}
DoTlsHandshakeWithServer(selected_local_tls, identity, password, jcr);
}

if (selected_local_tls->GetAuthenticate()) { /* tls authentication only? */
Expand All @@ -407,6 +382,49 @@ bool BareosSocket::DoTlsHandshake(uint32_t remote_tls_policy,
return true;
}

bool BareosSocket::DoTlsHandshakeWithClient(TlsBase *selected_local_tls,
const char* identity,
const char* password,
JobControlRecord *jcr)
{
std::shared_ptr<TLS_CONTEXT> tls_ctx = selected_local_tls->CreateServerContext(
std::make_shared<PskCredentials>(identity, password));
if (jcr) {
jcr->tls_ctx = tls_ctx;
}
alist *verify_list = NULL;
if (selected_local_tls->GetVerifyPeer()) {
verify_list = selected_local_tls->GetVerifyList();
}
if (BnetTlsServer(tls_ctx, this, verify_list)) {
return true;
}
Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
Dmsg0(debuglevel, "TLS negotiation failed.\n");
return false;
}

bool BareosSocket::DoTlsHandshakeWithServer(TlsBase *selected_local_tls,
const char* identity,
const char* password,
JobControlRecord *jcr)
{
std::shared_ptr<TLS_CONTEXT> tls_ctx = selected_local_tls->CreateClientContext(
std::make_shared<PskCredentials>(identity, password));
if (jcr) {
jcr->tls_ctx = tls_ctx;
}
if (BnetTlsClient(tls_ctx,
this,
selected_local_tls->GetVerifyPeer(),
selected_local_tls->GetVerifyList())) {
return true;
}
Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
Dmsg0(debuglevel, "TLS negotiation failed.\n");
return false;
}

bool BareosSocket::AuthenticateOutboundConnection(
JobControlRecord *jcr,
const char *what,
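Review bot: The boolean results of `DoTlsHandshakeWithClient` and `DoTlsHandshakeWithServer` are discarded at their two new call sites inside `DoTlsHandshake`, so a failed TLS negotiation no longer aborts the handshake the way the removed `return false` paths did; control falls through to the `GetAuthenticate()` check and, as far as the visible lines show, on to the `return true` of the second hunk, so the caller would keep using a socket whose TLS setup failed. Only the `TLS negotiation failed.` logging survived the refactor into the helpers, not the abort. The calls should read `if (!DoTlsHandshakeWithClient(selected_local_tls, identity, password, jcr)) { return false; }` and `if (!DoTlsHandshakeWithServer(selected_local_tls, identity, password, jcr)) { return false; }`. `DoTlsHandshake` begins before the first hunk and the lines between the two hunks are collapsed, so if a check on `jcr->tls_ctx` lives there this is moot, but nothing visible performs one.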
8 changes: 8 additions & 0 deletions core/src/lib/bsock.h
Expand Up @@ -121,6 +121,14 @@ class DLL_IMP_EXP BareosSocket : public SmartAlloc {
const char *identity,
const char *password,
JobControlRecord *jcr);
bool DoTlsHandshakeWithClient(TlsBase *selected_local_tls,
const char *identity,
const char *password,
JobControlRecord *jcr);
bool DoTlsHandshakeWithServer(TlsBase *selected_local_tls,
const char* identity,
const char* password,
JobControlRecord *jcr);

public:
BareosSocket();
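Review bot: The two new private declarations say nothing about their contract, and because both helpers are called for their side effects on `this` and `jcr` the boolean result is easy to drop silently; a one-line comment per declaration would help, e.g. `/* TLS handshake in server (resp. client) role; stores the context in jcr->tls_ctx; false means negotiation failed and the socket must not be used. */`. If the project builds as C++17, marking both `[[nodiscard]]` lets the compiler flag an ignored result; otherwise a compiler-specific warn_unused_result attribute would do the same. As a style nit, the addition mixes `const char *identity` in the first declaration with `const char* identity` in the second. The enclosing `BareosSocket` class begins and ends outside the hunk.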
