* The variables to update are chosen based on 'is_ksk', which is true when
* 'dnskey' is a KSK and false otherwise.
*/
-static isc_result_t
+static void
check_dnskey_sigs(vctx_t *vctx, const dns_rdata_dnskey_t *dnskey,
dns_rdata_t *rdata, bool is_ksk)
{
standby_keys = (is_ksk ? vctx->standby_ksk : vctx->standby_zsk);
goodkey = (is_ksk ? &vctx->goodksk : &vctx->goodzsk);
- if (dns_dnssec_selfsigns(rdata, vctx->origin, &vctx->keyset,
+ if (!dns_dnssec_selfsigns(rdata, vctx->origin, &vctx->keyset,
&vctx->keysigs, false, vctx->mctx))
{
- if (active_keys[dnskey->algorithm] != 255) {
- active_keys[dnskey->algorithm]++;
- }
- } else if (!is_ksk &&
- dns_dnssec_signs(rdata, vctx->origin, &vctx->soaset,
- &vctx->soasigs, false, vctx->mctx))
- {
- if (active_keys[dnskey->algorithm] != 255) {
- active_keys[dnskey->algorithm]++;
- }
- return (ISC_R_SUCCESS);
- } else {
- if (standby_keys[dnskey->algorithm] != 255) {
- standby_keys[dnskey->algorithm]++;
+ if (!is_ksk &&
+ dns_dnssec_signs(rdata, vctx->origin, &vctx->soaset,
+ &vctx->soasigs, false, vctx->mctx))
+ {
+ if (active_keys[dnskey->algorithm] != 255) {
+ active_keys[dnskey->algorithm]++;
+ }
+ } else {
+ if (standby_keys[dnskey->algorithm] != 255) {
+ standby_keys[dnskey->algorithm]++;
+ }
}
- return (ISC_R_SUCCESS);
+ return;
+ }
+
+ if (active_keys[dnskey->algorithm] != 255) {
+ active_keys[dnskey->algorithm]++;
}
/*
*/
if (vctx->secroots == NULL) {
*goodkey = true;
- return (ISC_R_SUCCESS);
+ return;
}
/*
result = dns_dnssec_keyfromrdata(vctx->origin, rdata, vctx->mctx,
&key);
if (result != ISC_R_SUCCESS) {
- return (result);
+ goto cleanup;
}
result = dns_keytable_findkeynode(vctx->secroots, vctx->origin,
* No such trust anchor.
*/
if (result != ISC_R_SUCCESS) {
- if (result == DNS_R_PARTIALMATCH || result == ISC_R_NOTFOUND) {
- result = ISC_R_SUCCESS;
- }
-
goto cleanup;
}
if (key != NULL) {
dst_key_free(&key);
}
- return (ISC_R_SUCCESS);
}
/*%
projects / thirdparty / bind9.git / commitdiff
