mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

rndc dnssec -checkds set algorithm

Browse Source 
In the rare case that you have multiple keys acting as KSK and that
have the same keytag, you can now set the algorithm when calling
'-checkds'.
This commit is contained in:
Matthijs Mekking
2020-08-04 10:33:19 +02:00
parent e4c82fc7ae
commit 46fcd927e7
7 changed files with 65 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/dns/keymgr.c
View File

@@ -1873,7 +1873,7 @@ failure:
static isc_result_t
keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
const char *directory, isc_stdtime_t now, bool dspublish,
dns_keytag_t id, bool check_id) {
dns_keytag_t id, unsigned int alg, bool check_id) {
int options = (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE);
isc_dir_t dir;
isc_result_t result;
@@ -1893,6 +1893,9 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
if (check_id && dst_key_id(dkey->key) != id) {
continue;
}
if (alg > 0 && dst_key_alg(dkey->key) != alg) {
continue;
}
if (ksk_key != NULL) {
/*
@@ -1935,16 +1938,16 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
isc_result_t
dns_keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
const char *directory, isc_stdtime_t now, bool dspublish) {
return (keymgr_checkds(kasp, keyring, directory, now, dspublish, 0,
return (keymgr_checkds(kasp, keyring, directory, now, dspublish, 0, 0,
false));
}
isc_result_t
dns_keymgr_checkds_id(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
const char *directory, isc_stdtime_t now, bool dspublish,
dns_keytag_t id) {
dns_keytag_t id, unsigned int alg) {
return (keymgr_checkds(kasp, keyring, directory, now, dspublish, id,
true));
alg, true));
}
static void