Report crypto errors back to cfg reload

Description

Because crypto changing happens in the 'commit' phase
of the reload and we can't be sure that knet will
allow the new parameters, the result gets ignored.
This can happen in FIPS mode if a non-FIPS cipher
is requested.

This patch reports the errors back in a cmap key
so that the command-line can spot those errors
and report them back to the user.

It also restores the internal values for crypto
so that subsequent attempts to change things have
predictable results. Otherwise further attempts can
do nothing but not report any errors back.

I've also added some error reporting back for the
knet ping counters using this mechanism.

The alternative to all of this would be to check for FIPS
in totemconfig.c and then exclude certain options, but this
would be duplicating code that could easily get out of sync.

This system could also be a useful mechanism for reporting
back other 'impossible' errors.

Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>

Details

Provenance
chrissie-c: Authored on Jan 31 2024, 5:29 AM
jfriesse: Committed on Feb 5 2024, 9:20 AM
Parents
rC8d46eb012778: Fix up the library .versions files