This error code has been unused in knot since 2.3, and now it got removed.
ret = kr_nsec_wildcard_answer_response_check(pkt, KNOT_AUTHORITY, covered->owner);
} else {
ret = kr_nsec3_wildcard_answer_response_check(pkt, KNOT_AUTHORITY, covered->owner, trim_labels - 1);
- if (ret == kr_error(DNSSEC_OUT_OF_RANGE)) {
+ if (ret == kr_error(KNOT_ERANGE)) {
ret = 0;
vctx->flags |= KR_DNSSEC_VFLG_OPTOUT;
}
* @param section_id Packet section to be processed.
* @param encloser Closest (provable) encloser domain name.
* @return 0 or error code:
- * DNSSEC_OUT_OF_RANGE - NSEC3 RR (that covers a wildcard)
+ * KNOT_ERANGE - NSEC3 RR (that covers a wildcard)
* has been found, but has opt-out flag set;
* otherwise - error.
*/
}
if (flags & FLG_NAME_COVERED) {
return has_optout(rrset) ?
- kr_error(DNSSEC_OUT_OF_RANGE) : kr_ok();
+ kr_error(KNOT_ERANGE) : kr_ok();
}
}
* NSEC3 for wildcard has been found and optout flag is not set.
* Now check if NSEC3 that covers next closer name has opt-out. */
return has_optout(covering_next_nsec3) ?
- kr_error(DNSSEC_OUT_OF_RANGE) : kr_ok();
+ kr_error(KNOT_ERANGE) : kr_ok();
}
/**
}
if (flags & FLG_NAME_COVERED) {
return has_optout(rrset) ?
- kr_error(DNSSEC_OUT_OF_RANGE) : kr_ok();
+ kr_error(KNOT_ERANGE) : kr_ok();
}
}
* in the packet can be properly signed,
* AD bit must not be set due to rfc5155 9.2.
* Return appropriate code to the caller */
- ret = kr_error(DNSSEC_OUT_OF_RANGE);
+ ret = kr_error(KNOT_ERANGE);
}
return ret;
}
* Denial of existence can not be proven.
* Set error code to proceed unsecure.
*/
- ret = kr_error(DNSSEC_OUT_OF_RANGE);
+ ret = kr_error(KNOT_ERANGE);
}
return ret;
}
if (has_optout(covering_next_nsec3)) {
- return kr_error(DNSSEC_OUT_OF_RANGE);
+ return kr_error(KNOT_ERANGE);
} else {
return kr_error(EINVAL);
}
* @param sname Name to be checked.
* @param trim_to_next Number of labels to remove to obtain next closer name.
* @return 0 or error code:
- * DNSSEC_OUT_OF_RANGE - NSEC3 RR that covers a wildcard
+ * KNOT_ERANGE - NSEC3 RR that covers a wildcard
* has been found, but has opt-out flag set;
* otherwise - error.
*/
* @return 0 or error code:
* DNSSEC_NOT_FOUND - neither ds nor nsec records
* were not found.
- * DNSSEC_OUT_OF_RANGE - denial of existence can't be proven
+ * KNOT_ERANGE - denial of existence can't be proven
* due to opt-out, otherwise - bogus.
*/
int kr_nsec3_no_data(const knot_pkt_t *pkt, knot_section_t section_id,
* @note No RRSIGs are validated.
* @param pkt Packet structure to be processed.
* @return 0 or error code:
- * DNSSEC_OUT_OF_RANGE - denial of existence can't be proven
+ * KNOT_ERANGE - denial of existence can't be proven
* due to opt-out.
* EEXIST - ds record was found.
* EINVAL - bogus.
/* No-data answer, QTYPE is DS, rfc5155 8.6 */
ret = kr_nsec3_no_data(answer, KNOT_AUTHORITY, proved_name, KNOT_RRTYPE_DS);
}
- if (ret == kr_error(DNSSEC_OUT_OF_RANGE)) {
+ if (ret == kr_error(KNOT_ERANGE)) {
/* Not bogus, going insecure due to optout */
ret = 0;
}
} else {
ret = kr_nsec3_name_error_response_check(pkt, KNOT_AUTHORITY, qry->sname);
}
- if (has_nsec3 && (ret == kr_error(DNSSEC_OUT_OF_RANGE))) {
+ if (has_nsec3 && (ret == kr_error(KNOT_ERANGE))) {
/* NXDOMAIN proof is OK,
* but NSEC3 that covers next closer name
* (or wildcard at next closer name) has opt-out flag.
ret = kr_nsec3_no_data(pkt, KNOT_AUTHORITY, knot_pkt_qname(pkt), knot_pkt_qtype(pkt));
}
if (ret != 0) {
- if (has_nsec3 && (ret == kr_error(DNSSEC_OUT_OF_RANGE))) {
+ if (has_nsec3 && (ret == kr_error(KNOT_ERANGE))) {
VERBOSE_MSG(qry, "<= can't prove NODATA due to optout, going insecure\n");
qry->flags.DNSSEC_OPTOUT = true;
/* Could not return from here,
projects / thirdparty / knot-resolver.git / commitdiff
