2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00

[master] tag initializing keys so they can't be used for normal validation

4773.	[bug]		Keys specified in "managed-keys" statements
			can now only be used when validating key refresh
			queries during initialization of RFC 5011 key
			maintenance. If initialization fails, DNSSEC
			validation of normal queries will also fail.
			Previously, validation of normal queries could
			succeed using the initializing key, potentially
			masking problems with managed-keys. [RT #46077]
This commit is contained in:
Evan Hunt
2017-10-11 21:01:13 -07:00
parent 77c7d1c555
commit 560d8b833e
24 changed files with 378 additions and 128 deletions

View File

@@ -1546,7 +1546,7 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_keytable_add(secroots, ISC_FALSE, &dstkey);
result = dns_keytable_add2(secroots, ISC_FALSE, ISC_FALSE, &dstkey);
cleanup:
if (dstkey != NULL)