fixed error message when not specifying trusted keys in drill chase
authorJelte Jansen <jeltejan@NLnetLabs.nl>
Fri, 16 Sep 2005 10:07:51 +0000 (10:07 +0000)
committerJelte Jansen <jeltejan@NLnetLabs.nl>
Fri, 16 Sep 2005 10:07:51 +0000 (10:07 +0000)
Makefile.in
dnssec.c
drill/chasetrace.c

index b7714b7110a75cfeb0911e378ac2f0a85b355430..5b578f3176953a6e7cda0ffee70bfc244785edd9 100644 (file)
@@ -92,8 +92,10 @@ doc:         doc/function_manpages
                grep -v ^doxygen | grep -v ^cat  > doc/ldns_manpages
 
 install:       install-h install-lib install-progs install-doc
+               ( cd drill ; make install )
 
 uninstall:     uninstall-doc uninstall-h uninstall-lib uninstall-progs
+               ( cd drill ; make uninstall )
 
 destclean:     uninstall
 
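Review bot: `( cd drill ; make install )` still runs `make install` when `cd drill` fails, and it then runs in the top-level directory and re-enters this same target; the added uninstall line has the same problem. Writing the recipes as `cd drill && $(MAKE) install` and `cd drill && $(MAKE) uninstall` stops on a missing directory. `$(MAKE)` also hands the parent make's flags and jobserver to the sub-make, which a literal `make` does not.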
index 17c51aec030474b6252c5650670e9d8131c3fc2c..7e5f75cd89d0cb7a4fbe5f19455e3a84cf2b6e17 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -82,21 +82,26 @@ ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys, ldns_r
        bool valid;
        ldns_status verify_result = LDNS_STATUS_ERR;
 
+printf("yo1\n");
        if (!rrset || !rrsig || !keys) {
                return LDNS_STATUS_ERR;
        }
 
        valid = false;
        
-printf("Verify sig rr:\n");
-ldns_rr_list_print(stdout, rrsig);
-
-       for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) {
+printf("yo2\n");
+       if (ldns_rr_list_rr_count(keys) < 1) {
+printf("yo3\n");
+               verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
+       } else {
+printf("yo4\n");
+               for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) {
 
-               verify_result = ldns_verify_rrsig_keylist(rrset,
-                               ldns_rr_list_rr(rrsig, i),
-                               keys,
-                               good_keys);
+                       verify_result = ldns_verify_rrsig_keylist(rrset,
+                                       ldns_rr_list_rr(rrsig, i),
+                                       keys,
+                                       good_keys);
+               }
        }
        return verify_result;
 }
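Review bot: The four added `printf("yo1\n")` … `printf("yo4\n")` lines in ldns_verify are debug leftovers that make a library routine write to stdout on every verification; they should be removed. The new empty-list branch returns LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, but a NULL `keys` still takes the generic `return LDNS_STATUS_ERR;` above it, so callers see two different codes for a missing trust anchor; consider testing `!keys` together with the count, as the drill/chasetrace.c hunk in this commit does. The loop also overwrites verify_result on every pass, so only the last RRSIG decides the outcome; if one valid signature is meant to suffice, `if (verify_result == LDNS_STATUS_OK) break;` after the call would keep an earlier success. The function begins above the hunk.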
@@ -313,9 +318,6 @@ ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key)
                return LDNS_STATUS_ERR;
        }
 
-printf("signature to verify:\n");
-ldns_rr_print(stdout, rrsig);
-
        /* check the signature time stamps */
        inception = ldns_rdf2native_time_t(ldns_rr_rrsig_inception(rrsig));
        expiration = ldns_rdf2native_time_t(ldns_rr_rrsig_expiration(rrsig));
@@ -465,12 +467,6 @@ ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
        (void) BN_bin2bn((unsigned char*)ldns_buffer_at(sig, 1), SHA_DIGEST_LENGTH, R);
        S = BN_new();
        (void) BN_bin2bn((unsigned char*)ldns_buffer_at(sig, 21), SHA_DIGEST_LENGTH, S);
-printf("VERIFY:\n");
-printf("R: ");
-BN_print_fp(stdout, R);
-printf("\nS: ");
-BN_print_fp(stdout, S);
-printf("\n");
 
        dsasig = DSA_SIG_new();
        if (!dsasig) {
@@ -905,15 +901,6 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
 
        sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64,  1 + 2 * SHA_DIGEST_LENGTH, data);
 
-printf("Signing: \n");
-printf("R: ");
-BN_print_fp(stdout, sig->r);
-printf("\nS: ");
-BN_print_fp(stdout, sig->s);
-printf("\n\rdf: ");
-ldns_rdf_print(stdout, sigdata_rdf);
-printf("\n");
-
        ldns_buffer_free(b64sig);
        LDNS_FREE(data);
 
index 5b090df4dc513918ef9c014ea7e7da9a022d3ce6..3b48ec0f11eda8c230d8b0d7e062cbb883ee9c19 100644 (file)
@@ -311,6 +311,11 @@ do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c,
                return LDNS_STATUS_EMPTY_LABEL;
        }
        
+       if (!trusted_keys || ldns_rr_list_rr_count(trusted_keys) < 1) {
+               mesg("No trusted keys specified\n");
+               return LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
+       }
+       
        if (pkt) {
                rrset = ldns_pkt_rr_list_by_name_and_type(pkt,
                                name,
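Review bot: The new trusted_keys guard in do_chase has no comment explaining why the chase is refused outright, and the next reader would want to know it fails closed. I would add `/* no trust anchor: nothing can be validated, so stop before chasing */` above the `if`. The added line after the closing brace holds only whitespace and could be an empty line. do_chase starts above and continues below the hunk, so whether anything acquired earlier needs releasing on this early return cannot be seen from here.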