mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00
Code Issues Releases Wiki Activity

a KSK revoked by named could not be deleted. [RT #20881]

Browse Source
This commit is contained in:
Francis Dupont
2010-01-13 08:35:24 +00:00
parent b3990d04da
commit f77148e029
2 changed files with 31 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
2838. [bug] A KSK revoked by named could not be deleted.
[RT #20881]
2837. [port] Prevent Linux spurious warnings about fwrite(). 2837. [port] Prevent Linux spurious warnings about fwrite().
[RT #20812] [RT #20812]

29
lib/dns/dnssec.c
View File

@@ -16,7 +16,7 @@
*/ */
/* /*
* $Id: dnssec.c,v 1.117 2009/12/18 23:49:03 tbox Exp $ * $Id: dnssec.c,v 1.118 2010/01/13 08:35:24 fdupont Exp $
*/ */
/*! \file */ /*! \file */
@@ -1449,6 +1449,33 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
directory, mctx, &privkey); directory, mctx, &privkey);
/*
* If the key was revoked and the private file
* doesn't exist, maybe it was revoked internally
* by named. Try loading the unrevoked version.
*/
if (result == ISC_R_FILENOTFOUND) {
isc_uint32_t flags;
flags = dst_key_flags(pubkey);
if ((flags & DNS_KEYFLAG_REVOKE) != 0) {
dst_key_setflags(pubkey,
flags & ~DNS_KEYFLAG_REVOKE);
result = dst_key_fromfile(dst_key_name(pubkey),
dst_key_id(pubkey),
dst_key_alg(pubkey),
DST_TYPE_PUBLIC|
DST_TYPE_PRIVATE,
directory,
mctx, &privkey);
if (result == ISC_R_SUCCESS &&
dst_key_pubcompare(pubkey, privkey,
ISC_FALSE)) {
dst_key_setflags(privkey, flags);
}
dst_key_setflags(pubkey, flags);
}
}
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
char keybuf[DNS_NAME_FORMATSIZE]; char keybuf[DNS_NAME_FORMATSIZE];
char algbuf[DNS_SECALG_FORMATSIZE]; char algbuf[DNS_SECALG_FORMATSIZE];