Reworked statement, original was missing !

author Wouter Wijngaards <wouter@NLnetLabs.nl>

Fri, 28 Jul 2006 09:00:36 +0000 (09:00 +0000)

committer Wouter Wijngaards <wouter@NLnetLabs.nl>

Fri, 28 Jul 2006 09:00:36 +0000 (09:00 +0000)
author Wouter Wijngaards <wouter@NLnetLabs.nl>
Fri, 28 Jul 2006 09:00:36 +0000 (09:00 +0000)
committer Wouter Wijngaards <wouter@NLnetLabs.nl>
Fri, 28 Jul 2006 09:00:36 +0000 (09:00 +0000)
diff --git a/dnssec.c b/dnssec.c

index da6b788e37405131c610af19e289d5b9e87c52f6..bbb2b2f4cf85dece34445afc3cf9da9247e897db 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -818,13 +818,10 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
                 current_key = ldns_key_list_key(keys, key_count);
                 /* sign all RRs with keys that have ZSKbit, !SEPbit.
                    sign DNSKEY RRs with keys that have ZSKbit&SEPbit */
-               if (ldns_key_flags(current_key)&LDNS_KEY_ZONE_KEY && /* must have ZSK to sign */
-                       ( !(ldns_key_flags(current_key)&LDNS_KEY_SEP_KEY) /* be ZSK key */
-                       ||
-                       (ldns_key_flags(current_key)&LDNS_KEY_SEP_KEY && /* or be KSK */
-                                                                       /* and type=DNSKEY */
-                        ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)) == LDNS_RR_TYPE_DNSKEY)
-                       )
+               if (
+                        ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY &&
+                        (!(ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY) ||
+                        ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)) == LDNS_RR_TYPE_DNSKEY)
                    ) {
                         current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
author	Wouter Wijngaards <wouter@NLnetLabs.nl>
	Fri, 28 Jul 2006 09:00:36 +0000 (09:00 +0000)
committer	Wouter Wijngaards <wouter@NLnetLabs.nl>
	Fri, 28 Jul 2006 09:00:36 +0000 (09:00 +0000)