]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
layer/validate: trust anchors are loaded from the configuration file
authorKarel Slany <karel.slany@nic.cz>
Fri, 21 Aug 2015 10:18:59 +0000 (12:18 +0200)
committerKarel Slany <karel.slany@nic.cz>
Fri, 21 Aug 2015 10:18:59 +0000 (12:18 +0200)
The hard-wired root trust anchor was removed.

lib/layer/validate.c

index 904bb08eb1d9600142b570e4510c12cd91906528..85a5237f56b2e9179abe208830d1fd7df3b36c85 100644 (file)
@@ -397,7 +397,7 @@ static int validate(knot_layer_t *ctx, knot_pkt_t *pkt)
                        DEBUG_MSG(qry, "Missing trust anchor.\n");
 #warning TODO: the trust anchor must be fetched from a configurable storage
                        if (qry->zone_cut.name[0] == '\0') {
-                               kr_ta_parse(&qry->zone_cut.trust_anchor, ROOT_TA, qry->zone_cut.pool);
+                               kr_ta_get(&qry->zone_cut.trust_anchor, &global_trust_anchors, ROOT_NAME, qry->zone_cut.pool);
                        }
                }
 
@@ -550,8 +550,8 @@ int validate_init(struct kr_module *module)
        if (ret != 0) {
                return ret;
        }
-       /* Add root trust anchor. */
-       ret = kr_ta_add(&global_trust_anchors, ROOT_TA);
+//     /* Add root trust anchor. */
+//     ret = kr_ta_add(&global_trust_anchors, ROOT_TA);
        if (ret != 0) {
                return ret;
        }