* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.179 2009/10/27 22:46:13 each Exp $ */
+/* $Id: validator.c,v 1.180 2009/10/28 05:34:21 each Exp $ */
#include <config.h>
if (isdelegation(tname, &val->frdataset, eresult)) {
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure, no DS"
+ " and this is a delegation");
validator_done(val, DNS_R_MUSTBESECURE);
} else if (val->view->dlv == NULL || DLVTRIED(val)) {
markanswer(val);
if (val->key == NULL) {
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure,"
+ " key is insecure, so mark the"
+ " data as insecure also.");
return (DNS_R_MUSTBESECURE);
}
markanswer(val);
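Review bot: The new warning text in the `val->key == NULL` branch says "so mark the data as insecure also", but when `val->mustbesecure` is set this path returns `DNS_R_MUSTBESECURE` and marks nothing. The `markanswer(val)` call is only reached when that check is false. An operator triaging this warning would read it as a downgrade to insecure rather than a validation failure. I would word it after the outcome, for example `"must be secure failure, key is insecure"`. The enclosing function starts and ends outside the hunk.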
event->rdataset->trust = dns_trust_secure;
event->sigrdataset->trust = dns_trust_secure;
validator_log(val, ISC_LOG_DEBUG(3),
- "marking as secure");
+ "marking as secure, "
+ "noqname proof not needed");
return (result);
} else {
validator_log(val, ISC_LOG_DEBUG(3),
if (result == ISC_R_SUCCESS) {
val->event->rdataset->trust = dns_trust_secure;
val->event->sigrdataset->trust = dns_trust_secure;
- validator_log(val, ISC_LOG_DEBUG(3), "marking as secure");
+ validator_log(val, ISC_LOG_DEBUG(3), "marking as secure (dlv)");
return (result);
} else if (result == ISC_R_NOMORE && !supported_algorithm) {
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure,"
+ "no supported algorithm/digest (dlv)");
return (DNS_R_MUSTBESECURE);
}
validator_log(val, ISC_LOG_DEBUG(3),
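Review bot: The two adjacent literals in the `ISC_R_NOMORE && !supported_algorithm` branch concatenate to `must be secure failure,no supported algorithm/digest (dlv)`, with no space after the comma. The startfinddlvsep hunk has the opposite slip: `"must be secure failure, "` followed by `" %s is under DLV (startfinddlvsep)"` yields two spaces. These warnings are what log monitoring will match on for must-be-secure failures, so one separator form should be used throughout: end the first literal with `", "` here, and drop the leading space from the `%s is under DLV` literal there. The enclosing function is not fully visible in this hunk.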
if (val->dsset->trust < dns_trust_secure) {
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure,"
+ " insecure DS");
return (DNS_R_MUSTBESECURE);
}
markanswer(val);
if (result == ISC_R_SUCCESS) {
event->rdataset->trust = dns_trust_secure;
event->sigrdataset->trust = dns_trust_secure;
- validator_log(val, ISC_LOG_DEBUG(3), "marking as secure");
+ validator_log(val, ISC_LOG_DEBUG(3), "marking as secure (DS)");
return (result);
} else if (result == ISC_R_NOMORE && !supported_algorithm) {
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure, "
+ "no supported algorithm/digest (DS)");
return (DNS_R_MUSTBESECURE);
}
validator_log(val, ISC_LOG_DEBUG(3),
if ((val->attributes & VALATTR_FOUNDNOQNAME) != 0 &&
(val->attributes & VALATTR_FOUNDCLOSEST) != 0) {
validator_log(val, ISC_LOG_DEBUG(3),
- "noqname proof found");
- validator_log(val, ISC_LOG_DEBUG(3),
- "marking as secure");
+ "marking as secure, noqname proof found");
val->event->rdataset->trust = dns_trust_secure;
val->event->sigrdataset->trust = dns_trust_secure;
return (ISC_R_SUCCESS);
namebuf);
if (dns_name_issubdomain(val->event->name, val->view->dlv)) {
- validator_log(val, ISC_LOG_WARNING, "must be secure failure");
+ validator_log(val, ISC_LOG_WARNING, "must be secure failure, "
+ " %s is under DLV (startfinddlvsep)", namebuf);
return (DNS_R_MUSTBESECURE);
}
INSIST(val->view->dlv != NULL);
if (!resume) {
-
if (dns_name_issubdomain(val->event->name, val->view->dlv)) {
+ dns_name_format(val->event->name, namebuf,
+ sizeof(namebuf));
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure, "
+ "%s is under DLV (finddlvsep)", namebuf);
return (DNS_R_MUSTBESECURE);
}
"not beneath secure root");
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure, "
+ "not beneath secure root");
result = DNS_R_MUSTBESECURE;
goto out;
}
if (isdelegation(tname, &val->frdataset, result)) {
if (val->mustbesecure) {
validator_log(val, ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure, "
+ "%s is a delegation",
+ namebuf);
return (DNS_R_MUSTBESECURE);
}
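Review bot: `namebuf` is passed to the new `"%s is a delegation"` warning, but nothing in this hunk shows it being filled. The finddlvsep hunk adds an explicit `dns_name_format(...)` before its log call, and this one does not. If `namebuf` is formatted from `tname` earlier in the function, outside the hunk, this is fine; otherwise the warning may print a different name from the one `isdelegation()` tested. If that needs fixing, add `dns_name_format(tname, namebuf, sizeof(namebuf));` before the `validator_log` call. The same question applies to the `(%s/DS)` message in the hunk that follows.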
if (val->view->dlv == NULL || DLVTRIED(val)) {
if (val->mustbesecure) {
validator_log(val,
ISC_LOG_WARNING,
- "must be secure failure");
+ "must be secure failure, "
+ "no supported algorithm/"
+ "digest (%s/DS)",
+ namebuf);
result = DNS_R_MUSTBESECURE;
goto out;
}