File pacemaker-pacemaker_remote-warn-if-TLS-key-cant-be-read-at-start-up.patch of Package pacemaker.8750
commit 54c017eec616213dcc75a0d10bb57935d79f3b96 Author: Ken Gaillot <kgaillot@redhat.com> Date: Wed Oct 25 15:21:53 2017 -0500 Log: pacemaker_remote: warn if TLS key can't be read at start-up diff --git a/lrmd/tls_backend.c b/lrmd/tls_backend.c index ce62bfbf6..bc57ee701 100644 --- a/lrmd/tls_backend.c +++ b/lrmd/tls_backend.c @@ -298,6 +298,7 @@ lrmd_init_remote_tls_server() int port = crm_default_remote_port(); struct addrinfo hints, *res = NULL, *iter; char port_str[6]; // at most "65535" + gnutls_datum_t psk_key = { NULL, 0 }; static struct mainloop_fd_callbacks remote_listen_fd_callbacks = { .dispatch = lrmd_remote_listen, @@ -314,6 +315,16 @@ lrmd_init_remote_tls_server() gnutls_psk_set_server_credentials_function(psk_cred_s, lrmd_tls_server_key_cb); gnutls_psk_set_server_dh_params(psk_cred_s, dh_params); + /* The key callback won't get called until the first client connection + * attempt. Do it once here, so we can warn the user at start-up if we can't + * read the key. We don't error out, though, because it's fine if the key is + * going to be added later. + */ + rc = lrmd_tls_set_key(&psk_key); + if (rc != 0) { + crm_warn("A cluster connection will not be possible until the key is available"); + } + memset(&hints, 0, sizeof(struct addrinfo)); /* Bind to the wildcard address (INADDR_ANY or IN6ADDR_ANY_INIT). * @TODO allow user to specify a specific address
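Review bot: psk_key is never released after the start-up probe in the second hunk, in lrmd_init_remote_tls_server() right after the `rc = lrmd_tls_set_key(&psk_key);` call. If lrmd_tls_set_key() allocates psk_key.data on success, as the `{ NULL, 0 }` initializer and the out-parameter suggest, the visible lines leave a copy of the pre-shared key on the heap for the life of the daemon, with no gnutls_free(psk_key.data) and no zeroing. Since the key is read here only to test that it is readable, suggest wiping and freeing the buffer immediately after the `if (rc != 0)` block. The crm_warn() message would also be more useful at start-up if it included rc or the key location that was tried, so an administrator can tell a missing key from a permissions problem.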