mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-31 06:25:31 +00:00
rndc dnssec -checkds set algorithm
In the rare case that you have multiple keys acting as KSK and that have the same keytag, you can now set the algorithm when calling '-checkds'.
This commit is contained in:
@@ -1873,7 +1873,7 @@ failure:
|
||||
static isc_result_t
|
||||
keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
|
||||
const char *directory, isc_stdtime_t now, bool dspublish,
|
||||
dns_keytag_t id, bool check_id) {
|
||||
dns_keytag_t id, unsigned int alg, bool check_id) {
|
||||
int options = (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_STATE);
|
||||
isc_dir_t dir;
|
||||
isc_result_t result;
|
||||
@@ -1893,6 +1893,9 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
|
||||
if (check_id && dst_key_id(dkey->key) != id) {
|
||||
continue;
|
||||
}
|
||||
if (alg > 0 && dst_key_alg(dkey->key) != alg) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ksk_key != NULL) {
|
||||
/*
|
||||
@@ -1935,16 +1938,16 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
|
||||
isc_result_t
|
||||
dns_keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
|
||||
const char *directory, isc_stdtime_t now, bool dspublish) {
|
||||
return (keymgr_checkds(kasp, keyring, directory, now, dspublish, 0,
|
||||
return (keymgr_checkds(kasp, keyring, directory, now, dspublish, 0, 0,
|
||||
false));
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dns_keymgr_checkds_id(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
|
||||
const char *directory, isc_stdtime_t now, bool dspublish,
|
||||
dns_keytag_t id) {
|
||||
dns_keytag_t id, unsigned int alg) {
|
||||
return (keymgr_checkds(kasp, keyring, directory, now, dspublish, id,
|
||||
true));
|
||||
alg, true));
|
||||
}
|
||||
|
||||
static void
|
||||
|
Reference in New Issue
Block a user