diff --git a/configure.ac b/configure.ac index 219a97a5fb2..cf379a88554 100644 --- a/configure.ac +++ b/configure.ac @@ -311,11 +311,11 @@ AC_ARG_WITH([cibsecrets], yes_no_try "$with_cibsecrets" "no" with_cibsecrets=$? -PCMK_GNUTLS_PRIORITIES="NORMAL" +PCMK__GNUTLS_PRIORITIES="NORMAL" AC_ARG_WITH([gnutls-priorities], [AS_HELP_STRING([--with-gnutls-priorities], [default GnuTLS cipher priorities @<:@NORMAL@:>@])], - [ test x"$withval" = x"no" || PCMK_GNUTLS_PRIORITIES="$withval" ] + [ test x"$withval" = x"no" || PCMK__GNUTLS_PRIORITIES="$withval" ] ) AC_ARG_WITH([concurrent-fencing-default], @@ -644,11 +644,11 @@ AC_DEFINE_UNQUOTED([PCMK__RESOURCE_STICKINESS_DEFAULT], [$with_resource_stickiness_default], [Default value for resource-stickiness resource meta-attribute]) -AS_IF([test x"${PCMK_GNUTLS_PRIORITIES}" != x""], [], +AS_IF([test x"${PCMK__GNUTLS_PRIORITIES}" != x""], [], [AC_MSG_ERROR([--with-gnutls-priorities value must not be empty])]) -AC_DEFINE_UNQUOTED([PCMK_GNUTLS_PRIORITIES], ["$PCMK_GNUTLS_PRIORITIES"], +AC_DEFINE_UNQUOTED([PCMK__GNUTLS_PRIORITIES], ["$PCMK__GNUTLS_PRIORITIES"], [GnuTLS cipher priorities]) -AC_SUBST(PCMK_GNUTLS_PRIORITIES) +AC_SUBST(PCMK__GNUTLS_PRIORITIES) AC_SUBST(BUG_URL) AC_DEFINE_UNQUOTED([PCMK__BUG_URL], ["$BUG_URL"], diff --git a/doc/sphinx/Makefile.am b/doc/sphinx/Makefile.am index b95f47b9590..d5826733e96 100644 --- a/doc/sphinx/Makefile.am +++ b/doc/sphinx/Makefile.am @@ -134,7 +134,7 @@ $(BOOKS:%=%/conf.py): conf.py.in -e 's#%CRM_LOG_DIR%#@CRM_LOG_DIR@#g' \ -e 's#%CRM_SCHEMA_DIRECTORY%#@CRM_SCHEMA_DIRECTORY@#g' \ -e 's#%PACEMAKER_CONFIG_DIR%#@PACEMAKER_CONFIG_DIR@#g' \ - -e 's#%PCMK_GNUTLS_PRIORITIES%#@PCMK_GNUTLS_PRIORITIES@#g' \ + -e 's#%PCMK__GNUTLS_PRIORITIES%#@PCMK__GNUTLS_PRIORITIES@#g' \ -e 's#%PCMK__REMOTE_SCHEMA_DIR%#@PCMK__REMOTE_SCHEMA_DIR@#g' \ $(<) > "$@" diff --git a/doc/sphinx/Pacemaker_Explained/local-options.rst b/doc/sphinx/Pacemaker_Explained/local-options.rst index 5d55c4ae2a7..dedbdd7ee9a 100644 --- a/doc/sphinx/Pacemaker_Explained/local-options.rst +++ b/doc/sphinx/Pacemaker_Explained/local-options.rst @@ -552,7 +552,7 @@ environment variables when Pacemaker daemons start up. PCMK_tls_priorities - :ref:`text ` - - |PCMK_GNUTLS_PRIORITIES| + - |PCMK__GNUTLS_PRIORITIES| - *Advanced Use Only:* These GnuTLS cipher priorities will be used for TLS connections (whether for Pacemaker Remote connections or remote CIB access, when enabled). See: diff --git a/doc/sphinx/conf.py.in b/doc/sphinx/conf.py.in index a921b3aad66..fbd91125cbd 100644 --- a/doc/sphinx/conf.py.in +++ b/doc/sphinx/conf.py.in @@ -37,7 +37,7 @@ rst_prolog=""" .. |CRM_SCHEMA_DIRECTORY| replace:: %CRM_SCHEMA_DIRECTORY% .. |PCMK_AUTHKEY_FILE| replace:: %PACEMAKER_CONFIG_DIR%/authkey .. |PCMK_CONFIG_FILE| replace:: ``%CONFIGDIR%/pacemaker`` -.. |PCMK_GNUTLS_PRIORITIES| replace:: %PCMK_GNUTLS_PRIORITIES% +.. |PCMK__GNUTLS_PRIORITIES| replace:: %PCMK__GNUTLS_PRIORITIES% .. |PCMK_INIT_ENV_FILE| replace:: ``%PACEMAKER_CONFIG_DIR%/pcmk-init.env`` .. |PCMK_LOG_FILE| replace:: %CRM_LOG_DIR%/pacemaker.log .. |PCMK_CONTAINER_LOG_FILE| replace:: ``/var/log/pcmk-init.log`` diff --git a/etc/sysconfig/pacemaker.in b/etc/sysconfig/pacemaker.in index d6a38dbce15..36c1a43d8b2 100644 --- a/etc/sysconfig/pacemaker.in +++ b/etc/sysconfig/pacemaker.in @@ -255,7 +255,7 @@ # for Pacemaker Remote connections, as they are required for the respective # functionality. # -# Default: PCMK_tls_priorities="@PCMK_GNUTLS_PRIORITIES@" +# Default: PCMK_tls_priorities="@PCMK__GNUTLS_PRIORITIES@" # Example: PCMK_tls_priorities="SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2" # PCMK_dh_max_bits (Advanced Use Only) diff --git a/lib/common/remote.c b/lib/common/remote.c index 54023d77545..95962c96dba 100644 --- a/lib/common/remote.c +++ b/lib/common/remote.c @@ -187,7 +187,7 @@ pcmk__new_tls_session(int csock, unsigned int conn_type, prio_base = pcmk__env_option(PCMK__ENV_TLS_PRIORITIES); if (prio_base == NULL) { - prio_base = PCMK_GNUTLS_PRIORITIES; + prio_base = PCMK__GNUTLS_PRIORITIES; } prio = crm_strdup_printf("%s:%s", prio_base, (cred_type == GNUTLS_CRD_ANON)? "+ANON-DH" : "+DHE-PSK:+PSK");