- zonemd, fix order of bogus printout string manipulation.

diff --git a/doc/Changelog b/doc/Changelog
index c1548dd675b5e601445faa94213535c31328a5ed..3ec77a522d1e4abd0b82bfe59a82f8948a48b15c 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,7 @@
          and udp send, they are visible at higher verbosity settings.
        - Fix zonemd verification of key that is not in DNS but in the zone
          and needs a chain of trust.
+       - zonemd, fix order of bogus printout string manipulation.
 
 12 August 2021: George
        - Merge PR #514, from ziollek: Docker environment for run tests.

diff --git a/services/authzone.c b/services/authzone.c
index 71b0331cae9996141a92508ff68f794968a1e4f9..d4a17f06eef6d3ec441042611c427344120be71c 100644 (file)
--- a/services/authzone.c
+++ b/services/authzone.c
@@ -8104,7 +8104,7 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
        keystorage->rk.dname_len = apex->namelen;
        keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
        keystorage->rk.rrset_class = htons(z->dclass);
-       auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone's DNSKEY with DS");
+       auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS");
        sec = val_verify_DNSKEY_with_DS(env, ve, keystorage, ds, NULL,
                why_bogus, NULL);
        regional_free_all(env->scratch);
@@ -8117,11 +8117,11 @@ auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
        } else {
                /* bogus */
                *is_insecure = 0;
+               if(*why_bogus == NULL)
+                       *why_bogus = "verify failed";
                auth_zone_log(z->name, VERB_ALGO,
                        "zonemd: verify DNSKEY RRset with DS failed: %s",
                        *why_bogus);
-               if(*why_bogus == NULL)
-                       *why_bogus = "verify failed";
        }
        return NULL;
 }