Propagate dns_zoneverify_dnssec() errors to callers

Since exit() is no longer called upon any dns_zoneverify_dnssec() error, verification failures should be signalled to callers. Make dns_zoneverify_dnssec() return an isc_result_t and handle both success and error appropriately in bin/dnssec/dnssec-signzone.c and bin/dnssec/dnssec-verify.c. This enables memory leak detection during shutdown of these tools and causes dnssec-signzone to print signing statistics even when zone verification fails.
2025-08-31 06:25:31 +00:00 · 2018-06-15 09:59:20 +02:00
parent a7ae615743
commit 24bca1c4b4
4 changed files with 32 additions and 17 deletions
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -1809,7 +1809,7 @@ print_summary(const vctx_t *vctx, isc_boolean_t keyset_kskonly) {
 	}
 }

-void
+isc_result_t
 dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 		      dns_name_t *origin, isc_mem_t *mctx,
 		      isc_boolean_t ignore_kskflag,
@@ -1820,7 +1820,7 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,

 	result = vctx_init(&vctx, mctx, zone, db, ver, origin);
 	if (result != ISC_R_SUCCESS) {
-		return;
+		return (result);
 	}

 	result = check_apex_rrsets(&vctx);
@@ -1879,4 +1879,6 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,

 done:
 	vctx_destroy(&vctx);
+
+	return (result);
 }