TLS setting of primaries with catalog zones where being ignored
authorMark Andrews <marka@isc.org>
Wed, 2 Nov 2022 06:55:52 +0000 (06:55 +0000)
committerMark Andrews <marka@isc.org>
Thu, 24 Nov 2022 21:50:36 +0000 (08:50 +1100)
Extract the tlss values if present from the ipkeylist entry and add
the resulting tls setting to the constructed configuration for the
primary.

When comparing catalog zone entries for reuse also check the
masters.tlss values for equality.

lib/dns/catz.c

index 1b0128dbd00096d04dff5eb6614c9931d1b3c00b..8c375084f537a015ceaa6189a9bf043b3545a96a 100644 (file)
@@ -379,6 +379,20 @@ dns_catz_entry_cmp(const dns_catz_entry_t *ea, const dns_catz_entry_t *eb) {
                }
        }
 
+       for (size_t i = 0; i < eb->opts.masters.count; i++) {
+               if ((ea->opts.masters.tlss[i] == NULL) !=
+                   (eb->opts.masters.tlss[i] == NULL)) {
+                       return (false);
+               }
+               if (ea->opts.masters.tlss[i] == NULL) {
+                       continue;
+               }
+               if (!dns_name_equal(ea->opts.masters.tlss[i],
+                                   eb->opts.masters.tlss[i])) {
+                       return (false);
+               }
+       }
+
        /* If one is NULL and the other isn't, the entries don't match */
        if ((ea->opts.allow_query == NULL) != (eb->opts.allow_query == NULL)) {
                return (false);
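Review bot: The added loop is bounded by `eb->opts.masters.count` but dereferences `ea->opts.masters.tlss[i]`, so it stays in bounds only if the two counts were already compared and both `tlss` arrays are allocated whenever `count` is non-zero. Neither is visible here, because dns_catz_entry_cmp starts above the hunk; if that is not guaranteed earlier, add `if (ea->opts.masters.count != eb->opts.masters.count) { return (false); }` before the loop. The loop also deserves a comment in the style of the one that follows it, for example `/* A changed or missing TLS name means the entry cannot be reused, or the primary would keep its old transport settings */`, since this comparison is what prevents a TLS requirement change from being silently dropped.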
@@ -1974,6 +1988,15 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *zone, dns_catz_entry_t *entry,
                                goto cleanup;
                        }
                }
+
+               if (entry->opts.masters.tlss[i] != NULL) {
+                       isc_buffer_putstr(buffer, " tls ");
+                       result = dns_name_totext(entry->opts.masters.tlss[i],
+                                                true, buffer);
+                       if (result != ISC_R_SUCCESS) {
+                               goto cleanup;
+                       }
+               }
                isc_buffer_putstr(buffer, "; ");
        }
        isc_buffer_putstr(buffer, "}; ");
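Review bot: The name in `entry->opts.masters.tlss[i]` comes from catalog zone content and is written unquoted after `" tls "`, so the generated text is only as safe as the escaping done by `dns_name_totext()`. If this buffer is later fed to the configuration parser, as the function name and commit message suggest, it is worth confirming that a label containing characters meaningful to that grammar (`;`, `}`, whitespace) cannot end the clause early. A regression test with such a label would pin this down, and a short comment such as `/* tls name is catalog-supplied; relies on dns_name_totext() escaping */` would record the assumption. dns_catz_generate_zonecfg starts and ends outside this hunk, so how `buffer` is sized and consumed cannot be checked from here.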