mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 21:47:59 +00:00
Code Issues Releases Wiki Activity

[master] improve debugging output from dnssec-cds

Browse Source 
4883.	[cleanup]	Improved debugging output from dnssec-cds. [RT #47026]

Patch submitted by Tony Finch (dot@dotat.at)
This commit is contained in:
Evan Hunt 2018-01-31 10:23:01 -08:00
parent ffac31097d
commit d36b7f86fb
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,3 +1,5 @@
4883. [cleanup] Improved debugging output from dnssec-cds. [RT #47026]
4882. [bug] Address potential memory leak in
dns_update_signaturesinc. [RT #47084]

21
bin/dnssec/dnssec-cds.c
View File

@ -85,7 +85,7 @@ static dns_rdataclass_t rdclass = dns_rdataclass_in;
*/
static isc_uint8_t dtype[8];
static const char *startstr = NULL; /* from which we derive notbefore */
static const char *startstr = NULL; /* from which we derive notbefore */
static isc_stdtime_t notbefore = 0; /* restrict sig inception times */
static dns_rdata_rrsig_t oldestsig; /* for recording inception time */
@ -521,6 +521,13 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
}
}
vbprintf(1, "no matching %s for %s %d %d\n",
dsset->type == dns_rdatatype_cds
? "CDS" : "DS",
ki->rdata.type == dns_rdatatype_cdnskey
? "CDNSKEY" : "DNSKEY",
ki->tag, ki->algo);
return (ISC_FALSE);
}
@ -647,17 +654,25 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
for (i = 0; i < nkey; i++) {
keyinfo_t *ki = &keytbl[i];
if (ki->dst == NULL ||
sig.keyid != ki->tag ||
if (sig.keyid != ki->tag ||
sig.algorithm != ki->algo ||
!dns_name_equal(&sig.signer, name))
{
continue;
}
if (ki->dst == NULL) {
vbprintf(1, "skip RRSIG by key %d:"
" no matching (C)DS\n",
sig.keyid);
continue;
}
result = dns_dnssec_verify(name, rdataset, ki->dst,
ISC_FALSE, mctx, &sigrdata);
if (result != ISC_R_SUCCESS) {
vbprintf(1, "skip RRSIG by key %d:"
" verification failed: %s\n",
sig.keyid, isc_result_totext(result));
continue;
}