]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6468ffc) | patch
Code changes for CSK
authorMatthijs Mekking <matthijs@isc.org>
Wed, 30 Oct 2019 13:38:28 +0000 (14:38 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Wed, 6 Nov 2019 21:36:21 +0000 (22:36 +0100)
commit67033bfd3d5280cfd14950705f0835522ef163e8
tree7235a59322990824e18700aec44769f6231b925btree | snapshot
parent6468ffc3369c290d7aaa92a33de0ce8979b2cdaecommit | diff
Code changes for CSK

Update dns_dnssec_keyactive to differentiate between the roles ZSK
and KSK.  A key is active if it is signing but that differs per role.
A ZSK is signing if its ZRRSIG state is in RUMOURED or OMNIPRESENT,
a KSK is signing if its KRRSIG state is in RUMOURED or OMNIPRESENT.

This means that a key can be actively signing for one role but not
the other.  Add checks in inline signing (zone.c and update.c) to
cover the case where a CSK is active in its KSK role but not the ZSK
role.
lib/dns/dnssec.c diff | blob | blame | history
lib/dns/dst_api.c diff | blob | blame | history
lib/dns/include/dst/dst.h diff | blob | blame | history
lib/dns/update.c diff | blob | blame | history
lib/dns/zone.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git