not withheld if it is bogus. Thus, unbound will retry if it is bad
and curb the TTL if it is bad, thus protecting the cache for use by
downstream validators.
+ - val-override-date: -1 ignores dates entirely, for NTP usage.
29 March 2011: Wouter
- harden-below-nxdomain: changed so that it activates when the
# Override the date for validation with a specific fixed date.
# Do not set this unless you are debugging signature inception
- # and expiration. "" or "0" turns the feature off.
+ # and expiration. "" or "0" turns the feature off. -1 ignores date.
# val-override-date: ""
# The time to live for bogus data, rrsets and messages. This avoids
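Review bot: the changed comment line now ends with "-1 ignores date." directly under "Do not set this unless you are debugging", while the changelog entry gives NTP usage as the reason for the value. Say in the comment that -1 turns off signature inception and expiration checking and is intended for that case, so an operator reading only example.conf understands the effect before setting it.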
Default is "" or "0", which disables this debugging feature. If enabled by
giving a RRSIG style date, that date is used for verifying RRSIG inception
and expiration dates, instead of the current date. Do not set this unless
-you are debugging signature inception and expiration.
+you are debugging signature inception and expiration. The value \-1 ignores
+the date altogether, useful for some special applications.
.TP
.B val\-sig\-skew\-min: \fI<seconds>
Minimum number of seconds of clock skew to apply to validated signatures.
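Review bot: "useful for some special applications" in the added man page sentence is too vague for a setting that switches off inception and expiration checking. Name the use case the changelog gives (NTP usage) and state the consequence plainly: with \-1, signatures outside their validity period are accepted.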
/* get current date */
if(ve->date_override) {
+ if(ve->date_override == -1) {
+ verbose(VERB_ALGO, "date override: ignore date");
+ return 1;
+ }
now = ve->date_override;
verbose(VERB_ALGO, "date override option %d", (int)now);
} else now = (int32_t)unow;
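Review bot: the new `return 1;` in the `date_override == -1` branch leaves before any date comparison, and the only trace is a `verbose(VERB_ALGO, ...)` line that most deployments will never see. Consider reporting this state at a more visible level, and replace the literal `-1` with a named constant so the sentinel cannot be confused with a real override value stored in the same `date_override` field.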