mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 08:05:21 +00:00
Code Issues Releases Wiki Activity

Do not call exit() upon dns_zoneverify_dnssec() errors

Browse Source 
Replace the remaining fatal() calls inside dns_zoneverify_dnssec() with
zoneverify_log_error() and zoneverify_print() calls, ensuring proper
cleanup.
This commit is contained in:
Michał Kępień
2018-06-15 09:59:20 +02:00
parent bf65f72934
commit 5ac14cb753
1 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
lib/dns/zoneverify.c
View File

@@ -1837,12 +1837,18 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
goto done; goto done;
} }
if (ignore_kskflag ) { if (ignore_kskflag) {
if (!vctx.goodksk && !vctx.goodzsk) if (!vctx.goodksk && !vctx.goodzsk) {
fatal("No self-signed DNSKEY found."); zoneverify_log_error(&vctx,
} else if (!vctx.goodksk) "No self-signed DNSKEY found");
fatal("No self-signed KSK DNSKEY found. Supply an active\n" result = ISC_R_FAILURE;
"key with the KSK flag set, or use '-P'."); goto done;
}
} else if (!vctx.goodksk) {
zoneverify_log_error(&vctx, "No self-signed KSK DNSKEY found");
result = ISC_R_FAILURE;
goto done;
}
determine_active_algorithms(&vctx, ignore_kskflag, keyset_kskonly); determine_active_algorithms(&vctx, ignore_kskflag, keyset_kskonly);
@@ -1863,9 +1869,13 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
goto done; goto done;
} }
if (vresult != ISC_R_SUCCESS) result = vresult;
fatal("DNSSEC completeness test failed (%s).", if (result != ISC_R_SUCCESS) {
dns_result_totext(vresult)); zoneverify_print(&vctx,
"DNSSEC completeness test failed (%s).\n",
dns_result_totext(result));
goto done;
}
if (vctx.goodksk || ignore_kskflag) { if (vctx.goodksk || ignore_kskflag) {
print_summary(&vctx, keyset_kskonly); print_summary(&vctx, keyset_kskonly);