ACK On 3/13/2012 11:35 AM, Jan Friesse wrote: > Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx> > --- > SECURITY | 18 ------------------ > man/corosync-cfgtool.8 | 3 --- > tools/corosync-cfgtool.c | 25 +------------------------ > 3 files changed, 1 insertions(+), 45 deletions(-) > > diff --git a/SECURITY b/SECURITY > index a2a4fdf..fce6983 100644 > --- a/SECURITY > +++ b/SECURITY > @@ -85,22 +85,4 @@ When a message is received (decrypt_and_authenticate): > - If they do match then the message is decrypted using the private key. > - The message is processed. > > - > -Compatibility > -------------- > - > -The encryption type can be changed at runtime with a single command: > - > -# corosync-cfgtool -c0 > - > -(0 for nss) > - > -This will tell all cluster nodes to start using libnss encryption. Note that > -it is possible to upgrade node individially by setting the encryption type in > -corosync.conf. The last byte of the packet indicates the decryption algorithm > -that the receiver should use. > - > -Once all nodes are using libnss encryption, the option should be set in > -in corosync.conf so that it takes effect at the next system reboot. > - > Comments welcome mailto:discuss@xxxxxxxxxxxx > diff --git a/man/corosync-cfgtool.8 b/man/corosync-cfgtool.8 > index 49b921b..f3c9784 100644 > --- a/man/corosync-cfgtool.8 > +++ b/man/corosync-cfgtool.8 > @@ -65,9 +65,6 @@ Unload a service identified by "service_name". > .B -a > Display the IP address(es) of a node. > .TP > -.B -c > -Set the cryptography mode of cluster communications. > -.TP > .B -k > Kill a node identified by node id. > .TP > diff --git a/tools/corosync-cfgtool.c b/tools/corosync-cfgtool.c > index 78e4bbb..dff3d76 100644 > --- a/tools/corosync-cfgtool.c > +++ b/tools/corosync-cfgtool.c > @@ -189,25 +189,6 @@ static void showaddrs_do(int nodeid) > } > > > -static void crypto_do(unsigned int type) > -{ > - cs_error_t result; > - corosync_cfg_handle_t handle; > - > - printf ("Setting crypto to mode %d\n", type); > - result = corosync_cfg_initialize (&handle, NULL); > - if (result != CS_OK) { > - printf ("Could not initialize corosync configuration API error %d\n", result); > - exit (1); > - } > - result = corosync_cfg_crypto_set (handle, type); > - if (result != CS_OK) { > - printf ("Could not set crypto mode (error = %d)\n", result); > - } > - (void)corosync_cfg_finalize (handle); > - > -} > - > static void killnode_do(unsigned int nodeid) > { > cs_error_t result; > @@ -236,13 +217,12 @@ static void usage_do (void) > printf ("\t-r\tReset redundant ring state cluster wide after a fault to\n"); > printf ("\t\tre-enable redundant ring operation.\n"); > printf ("\t-a\tDisplay the IP address(es) of a node\n"); > - printf ("\t-c\tSet the cryptography mode of cluster communications\n"); > printf ("\t-k\tKill a node identified by node id.\n"); > printf ("\t-H\tShutdown corosync cleanly on this node.\n"); > } > > int main (int argc, char *argv[]) { > - const char *options = "i:srk:a:c:hH"; > + const char *options = "i:srk:a:hH"; > int opt; > unsigned int nodeid; > char interface_name[128] = ""; > @@ -272,9 +252,6 @@ int main (int argc, char *argv[]) { > case 'a': > showaddrs_do( atoi(optarg) ); > break; > - case 'c': > - crypto_do( atoi(optarg) ); > - break; > case 'h': > usage_do(); > break; _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss