Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx> --- SECURITY | 18 ------------------ man/corosync-cfgtool.8 | 3 --- tools/corosync-cfgtool.c | 25 +------------------------ 3 files changed, 1 insertions(+), 45 deletions(-) diff --git a/SECURITY b/SECURITY index a2a4fdf..fce6983 100644 --- a/SECURITY +++ b/SECURITY @@ -85,22 +85,4 @@ When a message is received (decrypt_and_authenticate): - If they do match then the message is decrypted using the private key. - The message is processed. - -Compatibility -------------- - -The encryption type can be changed at runtime with a single command: - -# corosync-cfgtool -c0 - -(0 for nss) - -This will tell all cluster nodes to start using libnss encryption. Note that -it is possible to upgrade node individially by setting the encryption type in -corosync.conf. The last byte of the packet indicates the decryption algorithm -that the receiver should use. - -Once all nodes are using libnss encryption, the option should be set in -in corosync.conf so that it takes effect at the next system reboot. - Comments welcome mailto:discuss@xxxxxxxxxxxx diff --git a/man/corosync-cfgtool.8 b/man/corosync-cfgtool.8 index 49b921b..f3c9784 100644 --- a/man/corosync-cfgtool.8 +++ b/man/corosync-cfgtool.8 @@ -65,9 +65,6 @@ Unload a service identified by "service_name". .B -a Display the IP address(es) of a node. .TP -.B -c -Set the cryptography mode of cluster communications. -.TP .B -k Kill a node identified by node id. .TP diff --git a/tools/corosync-cfgtool.c b/tools/corosync-cfgtool.c index 78e4bbb..dff3d76 100644 --- a/tools/corosync-cfgtool.c +++ b/tools/corosync-cfgtool.c @@ -189,25 +189,6 @@ static void showaddrs_do(int nodeid) } -static void crypto_do(unsigned int type) -{ - cs_error_t result; - corosync_cfg_handle_t handle; - - printf ("Setting crypto to mode %d\n", type); - result = corosync_cfg_initialize (&handle, NULL); - if (result != CS_OK) { - printf ("Could not initialize corosync configuration API error %d\n", result); - exit (1); - } - result = corosync_cfg_crypto_set (handle, type); - if (result != CS_OK) { - printf ("Could not set crypto mode (error = %d)\n", result); - } - (void)corosync_cfg_finalize (handle); - -} - static void killnode_do(unsigned int nodeid) { cs_error_t result; @@ -236,13 +217,12 @@ static void usage_do (void) printf ("\t-r\tReset redundant ring state cluster wide after a fault to\n"); printf ("\t\tre-enable redundant ring operation.\n"); printf ("\t-a\tDisplay the IP address(es) of a node\n"); - printf ("\t-c\tSet the cryptography mode of cluster communications\n"); printf ("\t-k\tKill a node identified by node id.\n"); printf ("\t-H\tShutdown corosync cleanly on this node.\n"); } int main (int argc, char *argv[]) { - const char *options = "i:srk:a:c:hH"; + const char *options = "i:srk:a:hH"; int opt; unsigned int nodeid; char interface_name[128] = ""; @@ -272,9 +252,6 @@ int main (int argc, char *argv[]) { case 'a': showaddrs_do( atoi(optarg) ); break; - case 'c': - crypto_do( atoi(optarg) ); - break; case 'h': usage_do(); break; -- 1.7.1 _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss
