Fix bug in dns_keymgr_offline
authorMatthijs Mekking <matthijs@isc.org>
Tue, 3 Sep 2024 09:52:19 +0000 (11:52 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Tue, 3 Sep 2024 09:57:56 +0000 (11:57 +0200)
If the ZSK has an unlimited lifetime, the timing metadata "Inactive" and
"Delete" cannot be found, and this is treated as an error. Fix by allowing
these metadata to not exist.

lib/dns/keymgr.c

index 782941c3960d7efb046fb70a7cc649aada4dc79f..97d7b1816cab07080973bcd44f44210eb400c418 100644 (file)
@@ -2694,7 +2694,8 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
                isc_stdtime_t lastchange = 0, nextchange = 0;
                dst_key_state_t dnskey_state = HIDDEN, zrrsig_state = HIDDEN,
                                goal_state = HIDDEN;
-               dst_key_state_t current_dnskey, current_zrrsig, current_goal;
+               dst_key_state_t current_dnskey = HIDDEN,
+                               current_zrrsig = HIDDEN, current_goal = HIDDEN;
 
                (void)dst_key_role(dkey->key, &ksk, &zsk);
                if (ksk || !zsk) {
@@ -2713,9 +2714,8 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
                RETERR(dst_key_gettime(dkey->key, DST_TIME_PUBLISH,
                                       &published));
                RETERR(dst_key_gettime(dkey->key, DST_TIME_ACTIVATE, &active));
-               RETERR(dst_key_gettime(dkey->key, DST_TIME_INACTIVE,
-                                      &inactive));
-               RETERR(dst_key_gettime(dkey->key, DST_TIME_DELETE, &remove));
+               (void)dst_key_gettime(dkey->key, DST_TIME_INACTIVE, &inactive);
+               (void)dst_key_gettime(dkey->key, DST_TIME_DELETE, &remove);
 
                /* Determine key states from the metadata. */
                if (active <= now) {
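Review bot: The two `(void)dst_key_gettime(...)` calls for `DST_TIME_INACTIVE` and `DST_TIME_DELETE` now leave `inactive` and `remove` at their prior values when the metadata is absent (assuming the getter does not write its output on failure), so the new `inactive > 0` and `remove > 0` guards in the hunks at 2750 and 2766 are only sound if both variables start at 0. Their declarations are outside the visible hunks and should be confirmed; if they are not already zero-initialised, `isc_stdtime_t inactive = 0, remove = 0;` belongs in this change, because otherwise the ZSK's state is derived from an indeterminate value. The cast also discards any failure other than "not set", so checking explicitly for `ISC_R_NOTFOUND` and propagating anything else would keep the earlier strictness for real errors. A short comment above the calls, such as `/* Inactive and Delete are unset for keys with unlimited lifetime; 0 means "not set". */`, would record why the result is ignored. The loop body of `dns_keymgr_offline` continues outside the hunk.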
@@ -2750,7 +2750,7 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
                        goal_state = OMNIPRESENT;
                }
 
-               if (inactive <= now) {
+               if (inactive > 0 && inactive <= now) {
                        dns_ttl_t ttlsig = dns_kasp_zonemaxttl(kasp, true);
                        ttlsig += dns_kasp_zonepropagationdelay(kasp);
                        if ((inactive + ttlsig) <= now) {
@@ -2766,7 +2766,7 @@ dns_keymgr_offline(const dns_name_t *origin, dns_dnsseckeylist_t *keyring,
                        goal_state = HIDDEN;
                }
 
-               if (remove <= now) {
+               if (remove > 0 && remove <= now) {
                        dns_ttl_t key_ttl = dst_key_getttl(dkey->key);
                        key_ttl += dns_kasp_zonepropagationdelay(kasp);
                        if ((remove + key_ttl) <= now) {