tls 51 daemons/based/based_remote.c static pcmk__tls_t *tls = NULL; tls 97 daemons/based/based_remote.c rc = pcmk__init_tls(&tls, true, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_ANON); tls 294 daemons/based/based_remote.c new_client->remote->tls_session = pcmk__new_tls_session(tls, csock); tls 34 daemons/execd/remoted_tls.c static pcmk__tls_t *tls = NULL; tls 226 daemons/execd/remoted_tls.c session = pcmk__new_tls_session(tls, csock); tls 365 daemons/execd/remoted_tls.c rc = pcmk__init_tls(&tls, true, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_PSK); tls 373 daemons/execd/remoted_tls.c pcmk__tls_add_psk_callback(tls, lrmd_tls_server_key_cb); tls 431 daemons/execd/remoted_tls.c if (tls != NULL) { tls 432 daemons/execd/remoted_tls.c pcmk__free_tls(tls); tls 433 daemons/execd/remoted_tls.c tls = NULL; tls 47 include/crm/common/tls_internal.h void pcmk__free_tls(pcmk__tls_t *tls); tls 63 include/crm/common/tls_internal.h int pcmk__init_tls(pcmk__tls_t **tls, bool server, tls 92 include/crm/common/tls_internal.h gnutls_session_t pcmk__new_tls_session(pcmk__tls_t *tls, int csock); tls 106 include/crm/common/tls_internal.h void pcmk__tls_add_psk_key(pcmk__tls_t *tls, gnutls_datum_t *key); tls 118 include/crm/common/tls_internal.h void pcmk__tls_add_psk_callback(pcmk__tls_t *tls, tls 37 lib/cib/cib_remote.c static pcmk__tls_t *tls = NULL; tls 323 lib/cib/cib_remote.c pcmk__free_tls(tls); tls 324 lib/cib/cib_remote.c tls = NULL; tls 382 lib/cib/cib_remote.c rc = pcmk__init_tls(&tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_ANON); tls 388 lib/cib/cib_remote.c connection->tls_session = pcmk__new_tls_session(tls, connection->tcp_socket); tls 54 lib/common/tls.c tls_load_x509_data(pcmk__tls_t *tls) tls 58 lib/common/tls.c CRM_CHECK(tls->cred_type == GNUTLS_CRD_CERTIFICATE, return EINVAL); tls 66 lib/common/tls.c rc = gnutls_certificate_set_x509_trust_file(tls->credentials.cert, tls 67 lib/common/tls.c tls->ca_file, tls 77 lib/common/tls.c if (tls->crl_file != NULL) { tls 78 lib/common/tls.c rc = gnutls_certificate_set_x509_crl_file(tls->credentials.cert, tls 79 lib/common/tls.c tls->crl_file, tls 91 lib/common/tls.c rc = gnutls_certificate_set_x509_key_file2(tls->credentials.cert, tls 92 lib/common/tls.c tls->cert_file, tls->key_file, tls 149 lib/common/tls.c pcmk__free_tls(pcmk__tls_t *tls) tls 151 lib/common/tls.c if (tls == NULL) { tls 156 lib/common/tls.c if (tls->server) { tls 157 lib/common/tls.c gnutls_dh_params_deinit(tls->dh_params); tls 160 lib/common/tls.c if (tls->cred_type == GNUTLS_CRD_ANON) { tls 161 lib/common/tls.c if (tls->server) { tls 162 lib/common/tls.c gnutls_anon_free_server_credentials(tls->credentials.anon_s); tls 164 lib/common/tls.c gnutls_anon_free_client_credentials(tls->credentials.anon_c); tls 166 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_CERTIFICATE) { tls 167 lib/common/tls.c gnutls_certificate_free_credentials(tls->credentials.cert); tls 168 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_PSK) { tls 169 lib/common/tls.c if (tls->server) { tls 170 lib/common/tls.c gnutls_psk_free_server_credentials(tls->credentials.psk_s); tls 172 lib/common/tls.c gnutls_psk_free_client_credentials(tls->credentials.psk_c); tls 176 lib/common/tls.c free(tls); tls 177 lib/common/tls.c tls = NULL; tls 183 lib/common/tls.c pcmk__init_tls(pcmk__tls_t **tls, bool server, gnutls_credentials_type_t cred_type) tls 187 lib/common/tls.c if (*tls != NULL) { tls 191 lib/common/tls.c *tls = pcmk__assert_alloc(1, sizeof(pcmk__tls_t)); tls 207 lib/common/tls.c rc = pcmk__init_tls_dh(&(*tls)->dh_params); tls 209 lib/common/tls.c pcmk__free_tls(*tls); tls 210 lib/common/tls.c *tls = NULL; tls 215 lib/common/tls.c (*tls)->cred_type = cred_type; tls 216 lib/common/tls.c (*tls)->server = server; tls 220 lib/common/tls.c gnutls_anon_allocate_server_credentials(&(*tls)->credentials.anon_s); tls 221 lib/common/tls.c gnutls_anon_set_server_dh_params((*tls)->credentials.anon_s, tls 222 lib/common/tls.c (*tls)->dh_params); tls 224 lib/common/tls.c gnutls_anon_allocate_client_credentials(&(*tls)->credentials.anon_c); tls 230 lib/common/tls.c (*tls)->ca_file = pcmk__env_option(PCMK__ENV_CA_FILE); tls 231 lib/common/tls.c if (pcmk__str_empty((*tls)->ca_file)) { tls 232 lib/common/tls.c (*tls)->ca_file = getenv("CIB_ca_file"); tls 235 lib/common/tls.c (*tls)->cert_file = pcmk__env_option(PCMK__ENV_CERT_FILE); tls 236 lib/common/tls.c if (pcmk__str_empty((*tls)->cert_file)) { tls 237 lib/common/tls.c (*tls)->cert_file = getenv("CIB_cert_file"); tls 240 lib/common/tls.c (*tls)->crl_file = pcmk__env_option(PCMK__ENV_CRL_FILE); tls 241 lib/common/tls.c if (pcmk__str_empty((*tls)->crl_file)) { tls 242 lib/common/tls.c (*tls)->crl_file = getenv("CIB_crl_file"); tls 245 lib/common/tls.c (*tls)->key_file = pcmk__env_option(PCMK__ENV_KEY_FILE); tls 246 lib/common/tls.c if (pcmk__str_empty((*tls)->key_file)) { tls 247 lib/common/tls.c (*tls)->key_file = getenv("CIB_key_file"); tls 250 lib/common/tls.c gnutls_certificate_allocate_credentials(&(*tls)->credentials.cert); tls 253 lib/common/tls.c gnutls_certificate_set_dh_params((*tls)->credentials.cert, tls 254 lib/common/tls.c (*tls)->dh_params); tls 258 lib/common/tls.c rc = tls_load_x509_data(*tls); tls 260 lib/common/tls.c pcmk__free_tls(*tls); tls 261 lib/common/tls.c *tls = NULL; tls 266 lib/common/tls.c gnutls_psk_allocate_server_credentials(&(*tls)->credentials.psk_s); tls 267 lib/common/tls.c gnutls_psk_set_server_dh_params((*tls)->credentials.psk_s, tls 268 lib/common/tls.c (*tls)->dh_params); tls 270 lib/common/tls.c gnutls_psk_allocate_client_credentials(&(*tls)->credentials.psk_c); tls 317 lib/common/tls.c pcmk__new_tls_session(pcmk__tls_t *tls, int csock) tls 324 lib/common/tls.c CRM_CHECK((tls != NULL) && (csock >= 0), return NULL); tls 326 lib/common/tls.c if (tls->server) { tls 341 lib/common/tls.c prio = get_gnutls_priorities(tls->cred_type); tls 356 lib/common/tls.c if (tls->cred_type == GNUTLS_CRD_ANON && tls->server) { tls 357 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.anon_s); tls 358 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_ANON) { tls 359 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.anon_c); tls 360 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_CERTIFICATE) { tls 361 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.cert); tls 362 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_PSK && tls->server) { tls 363 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.psk_s); tls 364 lib/common/tls.c } else if (tls->cred_type == GNUTLS_CRD_PSK) { tls 365 lib/common/tls.c rc = gnutls_credentials_set(session, tls->cred_type, tls->credentials.psk_c); tls 367 lib/common/tls.c crm_err("Unknown credential type: %d", tls->cred_type); tls 378 lib/common/tls.c if (tls->cred_type == GNUTLS_CRD_CERTIFICATE) { tls 389 lib/common/tls.c gnutls_certificate_set_verify_function(tls->credentials.cert, verify_peer_cert); tls 396 lib/common/tls.c tls_cred_str(tls->cred_type), tls 454 lib/common/tls.c pcmk__tls_add_psk_key(pcmk__tls_t *tls, gnutls_datum_t *key) tls 456 lib/common/tls.c gnutls_psk_set_client_credentials(tls->credentials.psk_c, tls 462 lib/common/tls.c pcmk__tls_add_psk_callback(pcmk__tls_t *tls, tls 465 lib/common/tls.c gnutls_psk_set_server_credentials_function(tls->credentials.psk_s, cb); tls 82 lib/lrmd/lrmd_client.c pcmk__tls_t *tls; tls 630 lib/lrmd/lrmd_client.c if (native->tls) { tls 631 lib/lrmd/lrmd_client.c pcmk__free_tls(native->tls); tls 632 lib/lrmd/lrmd_client.c native->tls = NULL; tls 1543 lib/lrmd/lrmd_client.c if (native->tls == NULL) { tls 1544 lib/lrmd/lrmd_client.c rc = pcmk__init_tls(&native->tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_PSK); tls 1546 lib/lrmd/lrmd_client.c if ((rc != pcmk_rc_ok) || (native->tls == NULL)) { tls 1566 lib/lrmd/lrmd_client.c pcmk__tls_add_psk_key(native->tls, &psk_key); tls 1570 lib/lrmd/lrmd_client.c native->remote->tls_session = pcmk__new_tls_session(native->tls, sock); tls 1643 lib/lrmd/lrmd_client.c if (native->tls == NULL) { tls 1644 lib/lrmd/lrmd_client.c rc = pcmk__init_tls(&native->tls, false, use_cert ? GNUTLS_CRD_CERTIFICATE : GNUTLS_CRD_PSK); tls 1661 lib/lrmd/lrmd_client.c pcmk__tls_add_psk_key(native->tls, &psk_key); tls 1665 lib/lrmd/lrmd_client.c native->remote->tls_session = pcmk__new_tls_session(native->tls, native->sock);