error on -TD when no ssl support

diff --git a/drill/drill.1 b/drill/drill.1
index 1a6e0319a5ae1fef63b18db7d1d4c2c23840ad56..64e850cd481b051500fff090878a6a461be95024 100644 (file)
--- a/drill/drill.1
+++ b/drill/drill.1
@@ -58,6 +58,7 @@ only available when ldns has been compiled with openssl-support.
 .TP
 \fBdrill -TD www.example.com\fR
 Do a DNSSEC (-D) trace (-T) from the rootservers down to www.example.com.
+This option only works when ldns has been compiled with openssl support.
 
 .TP
 \fBdrill -s dnskey jelte.nlnetlabs.nl\fR

diff --git a/drill/drill.c b/drill/drill.c
index ee56598f770adebcee571cd5530ed0ad02e1dc1c..8c300303a1ac29651e8da8e2b4ff8c33dc720828 100644 (file)
--- a/drill/drill.c
+++ b/drill/drill.c
@@ -389,10 +389,15 @@ main(int argc, char *argv[])
 
        /* do a secure trace when requested */
        if (PURPOSE == DRILL_TRACE && qdnssec) {
+#ifdef HAVE_SSL
                if (ldns_rr_list_rr_count(key_list) == 0) {
                        warning("%s", "No trusted keys were given. Will not be able to verify authenticity!");
                }
                PURPOSE = DRILL_SECTRACE;
+#else
+               fprintf(stderr, "ldns has not been compiled with OpenSSL support. Secure trace not available\n");
+               exit(1);
+#endif /* HAVE_SSL */
        }
 
        /* parse the arguments, with multiple arguments, the last argument
@@ -546,7 +551,6 @@ main(int argc, char *argv[])
                case DRILL_TRACE:
                        /* do a trace from the root down */
                        if (!global_dns_root) {
-
                                init_root();
                        }
                        qname = ldns_dname_new_frm_str(name);