mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00

4837. [bug] dns_update_signatures{inc} (add_sigs) was not

properly determining if there were active KSK and
                        ZSK keys for an algorithm when update-check-ksk is
                        true (default) leaving records unsigned. [RT #46743]
Mark Andrews
2017-12-04 10:03:51 +11:00
parent 1b0ca5d5bb
commit 196e01da5f
9 changed files with 75 additions and 0 deletions


@@ -1105,6 +1105,8 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
if (!dst_key_isprivate(keys[i]))
continue;
if (dst_key_inactive(keys[i])) /* Should be redundant. */
continue;
if (check_ksk && !REVOKE(keys[i])) {
isc_boolean_t have_ksk, have_nonksk;
@@ -1118,6 +1120,10 @@ add_sigs(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
for (j = 0; j < nkeys; j++) {
if (j == i || ALG(keys[i]) != ALG(keys[j]))
continue;
if (!dst_key_isprivate(keys[j]))
continue;
if (dst_key_inactive(keys[j])) /* SBR */
continue;
if (REVOKE(keys[j]))
continue;
if (KSK(keys[j]))
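Review bot: The `/* SBR */` comment on the `dst_key_inactive(keys[j])` test in the inner loop cannot be expanded by a later reader without finding the `/* Should be redundant. */` comment on the matching `keys[i]` test in the first hunk. I would spell it out and say what makes it redundant, e.g. `/* Should be redundant: inactive keys are expected to be filtered out before add_sigs. */`; that expectation is inferred from the existing comment and is not visible in these hunks. The private/inactive eligibility test is also now written twice, once for `keys[i]` and once for `keys[j]`, and the two disagreeing appears to be what left records unsigned. A small static helper called from both loops would keep the choice of signing key and the have_ksk/have_nonksk scan in agreement. add_sigs begins and ends outside these hunks.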