dnssec: fix loading from more keystores if the key not in HSM

author Daniel Salzman <daniel.salzman@nic.cz>

Mon, 13 Oct 2025 14:13:06 +0000 (16:13 +0200)

committer Daniel Salzman <daniel.salzman@nic.cz>

Tue, 14 Oct 2025 12:14:57 +0000 (14:14 +0200)
author Daniel Salzman <daniel.salzman@nic.cz>
Mon, 13 Oct 2025 14:13:06 +0000 (16:13 +0200)
committer Daniel Salzman <daniel.salzman@nic.cz>
Tue, 14 Oct 2025 12:14:57 +0000 (14:14 +0200)
diff --git a/src/knot/dnssec/zone-keys.c b/src/knot/dnssec/zone-keys.c

index 31435dd7ed229a2711f47b8b05f1d6d9387581b7..28fd04c04e45c3688a3e75ab77f65671d8b621da 100644 (file)
--- a/src/knot/dnssec/zone-keys.c
+++ b/src/knot/dnssec/zone-keys.c
@@ -482,7 +482,7 @@ int kdnssec_load_private(knot_kasp_keystore_t *keystores, const char *id,
                           dnssec_key_t *key, const char **name, unsigned *backend)
  {
         int ret = DNSSEC_ENOENT;
-       for (size_t i = 0; i < keystores[0].count && ret == DNSSEC_ENOENT; i++) {
+       for (size_t i = 0; i < keystores[0].count && (ret == DNSSEC_ENOENT || ret == DNSSEC_NOT_FOUND); i++) {
                 ret = dnssec_keystore_get_private(keystores[i].keystore, id, key);
                 if (ret == KNOT_EOK) {
                         if (name != NULL) {
author	Daniel Salzman <daniel.salzman@nic.cz>
	Mon, 13 Oct 2025 14:13:06 +0000 (16:13 +0200)
committer	Daniel Salzman <daniel.salzman@nic.cz>
	Tue, 14 Oct 2025 12:14:57 +0000 (14:14 +0200)