From c08d0f7dd68811bbcacab93555959e30e3aada38 Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Thu, 14 May 2020 15:36:13 +0200 Subject: [PATCH] If prepub > retire, prepub now Catch a case where if the prepublication time of the successor key is later than the retire time of the predecessor. If that is the case we should prepublish as soon as possible, a.k.a. now. --- lib/dns/keymgr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c index 87abec4e70..e5f1860c25 100644 --- a/lib/dns/keymgr.c +++ b/lib/dns/keymgr.c @@ -287,6 +287,10 @@ keymgr_prepublication_time(dns_dnsseckey_t *key, dns_kasp_t *kasp, /* * Publish successor 'prepub' time before the 'retire' time of 'key'. */ + if (prepub > retire) { + /* We should have already prepublished the new key. */ + return (now); + } return (retire - prepub); }