Do not call exit() upon dns_zoneverify_dnssec() errors

Replace the remaining fatal() calls inside dns_zoneverify_dnssec() with zoneverify_log_error() and zoneverify_print() calls, ensuring proper cleanup.
2025-08-31 14:35:26 +00:00 · 2018-06-15 09:59:20 +02:00
parent bf65f72934
commit 5ac14cb753
1 changed files with 19 additions and 9 deletions
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -1837,12 +1837,18 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 		goto done;
 	}

-	if (ignore_kskflag ) {
-		if (!vctx.goodksk && !vctx.goodzsk)
-			fatal("No self-signed DNSKEY found.");
-	} else if (!vctx.goodksk)
-		fatal("No self-signed KSK DNSKEY found.  Supply an active\n"
-		      "key with the KSK flag set, or use '-P'.");
+	if (ignore_kskflag) {
+		if (!vctx.goodksk && !vctx.goodzsk) {
+			zoneverify_log_error(&vctx,
+					     "No self-signed DNSKEY found");
+			result = ISC_R_FAILURE;
+			goto done;
+		}
+	} else if (!vctx.goodksk) {
+		zoneverify_log_error(&vctx, "No self-signed KSK DNSKEY found");
+		result = ISC_R_FAILURE;
+		goto done;
+	}

 	determine_active_algorithms(&vctx, ignore_kskflag, keyset_kskonly);

@@ -1863,9 +1869,13 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 		goto done;
 	}

-	if (vresult != ISC_R_SUCCESS)
-		fatal("DNSSEC completeness test failed (%s).",
-		      dns_result_totext(vresult));
+	result = vresult;
+	if (result != ISC_R_SUCCESS) {
+		zoneverify_print(&vctx,
+				 "DNSSEC completeness test failed (%s).\n",
+				 dns_result_totext(result));
+		goto done;
+	}

 	if (vctx.goodksk || ignore_kskflag) {
 		print_summary(&vctx, keyset_kskonly);