mirror of
https://git.proxmox.com/git/mirror_corosync
synced 2025-08-13 22:48:05 +00:00
ce03c68394
Because crypto changing happens in the 'commit' phase of the reload and we can't get sure that knet will allow the new parameters, the result gets ignored. This can happen in FIPS mode if a non-FIPS cipher is requested. This patch reports the errors back in a cmap key so that the command-line can spot those errors and report them back to the user. It also restores the internal values for crypto so that subsequent attempts to change things have predictable results. Otherwise further attempts can do nothing but not report any errors back. I've also added some error reporting back for the knet ping counters using this mechanism. The alternative to all of this would be to check for FIPS in totemconfig.c and then exclude certain options, but this would be duplicating code that could easily get out of sync. This system could also be a useful mechanism for reporting back other 'impossible' errors. Signed-off-by: Christine Caulfield <ccaulfie@redhat.com> Reviewed-by: Jan Friesse <jfriesse@redhat.com> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| corosync-blackbox.sh | ||
| corosync-cfgtool.c | ||
| corosync-cmapctl.c | ||
| corosync-cpgtool.c | ||
| corosync-keygen.c | ||
| corosync-notifyd.c | ||
| corosync-notifyd.sysconfig.example | ||
| corosync-quorumtool.c | ||
| corosync-xmlproc.sh | ||
| Makefile.am | ||
| util.c | ||
| util.h | ||