zonemd: fix reporting error when verify fails on load

diff --git a/src/knot/events/handlers/load.c b/src/knot/events/handlers/load.c
index 00492abd8b9c0047d18f7e2ccf10135af11273c7..a1fcdd4fca8959d2d92b8cccfbe52cb0b179bb5e 100644 (file)
--- a/src/knot/events/handlers/load.c
+++ b/src/knot/events/handlers/load.c
@@ -248,6 +248,12 @@ int event_load(conf_t *conf, zone_t *zone)
                goto cleanup;
        }
 
+       bool zf_serial_updated = (zf_conts != NULL && zone_contents_serial(zf_conts) != zone_contents_serial(zone->contents));
+
+       // The contents are already part of zone_update.
+       zf_conts = NULL;
+       journal_conts = NULL;
+
        ret = zone_update_verify_digest(conf, &up);
        if (ret != KNOT_EOK) {
                goto cleanup;
@@ -255,8 +261,7 @@ int event_load(conf_t *conf, zone_t *zone)
 
        uint32_t middle_serial = zone_contents_serial(up.new_cont);
 
-       if (do_diff && old_contents_exist && dnssec_enable && zf_conts != NULL &&
-           zone_contents_serial(zf_conts) != zone_contents_serial(zone->contents) &&
+       if (do_diff && old_contents_exist && dnssec_enable && zf_serial_updated &&
            !zone_in_journal_exists) {
                ret = zone_update_start_extra(&up, conf);
                if (ret != KNOT_EOK) {
@@ -264,10 +269,6 @@ int event_load(conf_t *conf, zone_t *zone)
                }
        }
 
-       // The contents are already part of zone_update.
-       zf_conts = NULL;
-       journal_conts = NULL;
-
        // Sign zone using DNSSEC if configured.
        zone_sign_reschedule_t dnssec_refresh = { 0 };
        if (dnssec_enable) {