tls 51 daemons/based/based_remote.c static pcmk__tls_t *tls = NULL; tls 97 daemons/based/based_remote.c rc = pcmk__init_tls(&tls, true, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_ANON); tls 299 daemons/based/based_remote.c new_client->remote->tls_session = pcmk__new_tls_session(tls, csock); tls 34 daemons/execd/remoted_tls.c static pcmk__tls_t *tls = NULL; tls 230 daemons/execd/remoted_tls.c session = pcmk__new_tls_session(tls, csock); tls 369 daemons/execd/remoted_tls.c rc = pcmk__init_tls(&tls, true, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_PSK); tls 377 daemons/execd/remoted_tls.c pcmk__tls_add_psk_callback(tls, lrmd_tls_server_key_cb); tls 435 daemons/execd/remoted_tls.c if (tls != NULL) { tls 436 daemons/execd/remoted_tls.c pcmk__free_tls(tls); tls 437 daemons/execd/remoted_tls.c tls = NULL; tls 47 include/crm/common/tls_internal.h void pcmk__free_tls(pcmk__tls_t *tls); tls 63 include/crm/common/tls_internal.h int pcmk__init_tls(pcmk__tls_t **tls, bool server, tls 92 include/crm/common/tls_internal.h gnutls_session_t pcmk__new_tls_session(pcmk__tls_t *tls, int csock); tls 104 include/crm/common/tls_internal.h void pcmk__tls_add_psk_key(pcmk__tls_t *tls, gnutls_datum_t *key); tls 116 include/crm/common/tls_internal.h void pcmk__tls_add_psk_callback(pcmk__tls_t *tls, tls 37 lib/cib/cib_remote.c static pcmk__tls_t *tls = NULL; tls 322 lib/cib/cib_remote.c pcmk__free_tls(tls); tls 323 lib/cib/cib_remote.c tls = NULL; tls 381 lib/cib/cib_remote.c rc = pcmk__init_tls(&tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_ANON); tls 387 lib/cib/cib_remote.c connection->tls_session = pcmk__new_tls_session(tls, connection->tcp_socket); tls 52 lib/common/tls.c tls_load_x509_data(pcmk__tls_t *tls) tls 56 lib/common/tls.c CRM_CHECK(tls->cred_type == GNUTLS_CRD_CERTIFICATE, return EINVAL); tls 64 lib/common/tls.c rc = gnutls_certificate_set_x509_trust_file(tls->credentials.cert, tls 65 lib/common/tls.c tls->ca_file, tls 75 lib/common/tls.c if (tls->crl_file != NULL) { tls 76 lib/common/tls.c rc = gnutls_certificate_set_x509_crl_file(tls->credentials.cert, tls 77 lib/common/tls.c tls->crl_file, tls 89 lib/common/tls.c rc = gnutls_certificate_set_x509_key_file2(tls->credentials.cert, tls 90 lib/common/tls.c tls->cert_file, tls->key_file, tls 147 lib/common/tls.c pcmk__free_tls(pcmk__tls_t *tls) tls 149 lib/common/tls.c if (tls == NULL) { tls 154 lib/common/tls.c if (tls->server) { tls 155 lib/common/tls.c gnutls_dh_params_deinit(tls->dh_params); tls 158 lib/common/tls.c if (tls->cred_type == GNUTLS_CRD_ANON) { tls 159 lib/common/tls.c if (tls->server) { tls 160 lib/common/tls.c gnutls_anon_free_server_credentials(tls->credentials.anon_s); tls 162 lib/common/tls.c gnutls_anon_free_client_credentials(tls->credentials.anon_c); tls 164 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_CERTIFICATE) { tls 165 lib/common/tls.c gnutls_certificate_free_credentials(tls->credentials.cert); tls 166 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_PSK) { tls 167 lib/common/tls.c if (tls->server) { tls 168 lib/common/tls.c gnutls_psk_free_server_credentials(tls->credentials.psk_s); tls 170 lib/common/tls.c gnutls_psk_free_client_credentials(tls->credentials.psk_c); tls 174 lib/common/tls.c free(tls); tls 175 lib/common/tls.c tls = NULL; tls 181 lib/common/tls.c pcmk__init_tls(pcmk__tls_t **tls, bool server, gnutls_credentials_type_t cred_type) tls 185 lib/common/tls.c if (*tls != NULL) { tls 189 lib/common/tls.c *tls = pcmk__assert_alloc(1, sizeof(pcmk__tls_t)); tls 205 lib/common/tls.c rc = pcmk__init_tls_dh(&(*tls)->dh_params); tls 207 lib/common/tls.c pcmk__free_tls(*tls); tls 208 lib/common/tls.c *tls = NULL; tls 213 lib/common/tls.c (*tls)->cred_type = cred_type; tls 214 lib/common/tls.c (*tls)->server = server; tls 218 lib/common/tls.c gnutls_anon_allocate_server_credentials(&(*tls)->credentials.anon_s); tls 219 lib/common/tls.c gnutls_anon_set_server_dh_params((*tls)->credentials.anon_s, tls 220 lib/common/tls.c (*tls)->dh_params); tls 222 lib/common/tls.c gnutls_anon_allocate_client_credentials(&(*tls)->credentials.anon_c); tls 228 lib/common/tls.c (*tls)->ca_file = pcmk__env_option(PCMK__ENV_CA_FILE); tls 229 lib/common/tls.c if (pcmk__str_empty((*tls)->ca_file)) { tls 230 lib/common/tls.c (*tls)->ca_file = getenv("CIB_ca_file"); tls 233 lib/common/tls.c (*tls)->cert_file = pcmk__env_option(PCMK__ENV_CERT_FILE); tls 234 lib/common/tls.c if (pcmk__str_empty((*tls)->cert_file)) { tls 235 lib/common/tls.c (*tls)->cert_file = getenv("CIB_cert_file"); tls 238 lib/common/tls.c (*tls)->crl_file = pcmk__env_option(PCMK__ENV_CRL_FILE); tls 239 lib/common/tls.c if (pcmk__str_empty((*tls)->crl_file)) { tls 240 lib/common/tls.c (*tls)->crl_file = getenv("CIB_crl_file"); tls 243 lib/common/tls.c (*tls)->key_file = pcmk__env_option(PCMK__ENV_KEY_FILE); tls 244 lib/common/tls.c if (pcmk__str_empty((*tls)->key_file)) { tls 245 lib/common/tls.c (*tls)->key_file = getenv("CIB_key_file"); tls 248 lib/common/tls.c gnutls_certificate_allocate_credentials(&(*tls)->credentials.cert); tls 251 lib/common/tls.c gnutls_certificate_set_dh_params((*tls)->credentials.cert, tls 252 lib/common/tls.c (*tls)->dh_params); tls 256 lib/common/tls.c rc = tls_load_x509_data(*tls); tls 258 lib/common/tls.c pcmk__free_tls(*tls); tls 259 lib/common/tls.c *tls = NULL; tls 264 lib/common/tls.c gnutls_psk_allocate_server_credentials(&(*tls)->credentials.psk_s); tls 265 lib/common/tls.c gnutls_psk_set_server_dh_params((*tls)->credentials.psk_s, tls 266 lib/common/tls.c (*tls)->dh_params); tls 268 lib/common/tls.c gnutls_psk_allocate_client_credentials(&(*tls)->credentials.psk_c); tls 315 lib/common/tls.c pcmk__new_tls_session(pcmk__tls_t *tls, int csock) tls 317 lib/common/tls.c unsigned int conn_type = tls->server ? GNUTLS_SERVER : GNUTLS_CLIENT; tls 333 lib/common/tls.c prio = get_gnutls_priorities(tls->cred_type); tls 348 lib/common/tls.c if (tls->cred_type == GNUTLS_CRD_ANON && tls->server) { tls 349 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.anon_s); tls 350 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_ANON) { tls 351 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.anon_c); tls 352 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_CERTIFICATE) { tls 353 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.cert); tls 354 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_PSK && tls->server) { tls 355 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.psk_s); tls 356 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_PSK) { tls 357 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.psk_c); tls 359 lib/common/tls.c crm_err("Unknown credential type: %d", tls->cred_type); tls 370 lib/common/tls.c if (tls->cred_type == GNUTLS_CRD_CERTIFICATE) { tls 381 lib/common/tls.c gnutls_certificate_set_verify_function(tls->credentials.cert, verify_peer_cert); tls 388 lib/common/tls.c tls_cred_str(tls->cred_type), tls 424 lib/common/tls.c pcmk__tls_add_psk_key(pcmk__tls_t *tls, gnutls_datum_t *key) tls 426 lib/common/tls.c gnutls_psk_set_client_credentials(tls->credentials.psk_c, tls 432 lib/common/tls.c pcmk__tls_add_psk_callback(pcmk__tls_t *tls, tls 435 lib/common/tls.c gnutls_psk_set_server_credentials_function(tls->credentials.psk_s, cb); tls 82 lib/lrmd/lrmd_client.c pcmk__tls_t *tls; tls 629 lib/lrmd/lrmd_client.c if (native->tls) { tls 630 lib/lrmd/lrmd_client.c pcmk__free_tls(native->tls); tls 631 lib/lrmd/lrmd_client.c native->tls = NULL; tls 1542 lib/lrmd/lrmd_client.c if (native->tls == NULL) { tls 1543 lib/lrmd/lrmd_client.c rc = pcmk__init_tls(&native->tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_PSK); tls 1565 lib/lrmd/lrmd_client.c pcmk__tls_add_psk_key(native->tls, &psk_key); tls 1569 lib/lrmd/lrmd_client.c native->remote->tls_session = pcmk__new_tls_session(native->tls, sock); tls 1642 lib/lrmd/lrmd_client.c if (native->tls == NULL) { tls 1643 lib/lrmd/lrmd_client.c rc = pcmk__init_tls(&native->tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_PSK); tls 1660 lib/lrmd/lrmd_client.c pcmk__tls_add_psk_key(native->tls, &psk_key); tls 1664 lib/lrmd/lrmd_client.c native->remote->tls_session = pcmk__new_tls_session(native->tls, native->sock);