modules/ta_update: fix broken RFC5011 rollover

author Lukáš Ježek <lukas.jezek@nic.cz>

Fri, 7 Aug 2020 09:10:58 +0000 (11:10 +0200)

committer Petr Špaček <petr.spacek@nic.cz>

Thu, 13 Aug 2020 10:18:36 +0000 (12:18 +0200)
author Lukáš Ježek <lukas.jezek@nic.cz>
Fri, 7 Aug 2020 09:10:58 +0000 (11:10 +0200)
committer Petr Špaček <petr.spacek@nic.cz>
Thu, 13 Aug 2020 10:18:36 +0000 (12:18 +0200)
diff --git a/NEWS b/NEWS

index 1a0e215343959d401c30fbf1d36f4a645349dc86..ff3fba646d8c3b33931c4098b381720045bde5c4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ Bugfixes
  - validator: ignore bogus RRSIGs present in insecure domains (!1022, #587)
  - build if libsystemd version isn't detected as integer (#592, !1029)
  - validator: more robust reaction on missing RRSIGs (#390, !1020)
+- ta_update module: fix broken RFC5011 rollover (!1035)
  
  
  Knot Resolver 5.1.2 (2020-07-01)
diff --git a/modules/ta_update/ta_update.lua b/modules/ta_update/ta_update.lua

index c49db35ff3972a15bb06e24fb43999e825dca3cf..496db8511169ce901b13008058fcfedf544a8f07 100644 (file)
--- a/modules/ta_update/ta_update.lua
+++ b/modules/ta_update/ta_update.lua
@@ -100,7 +100,10 @@ local function ta_present(keyset, rr, hold_down_time)
                 end
                 return true
         elseif not key_revoked then -- First time seen (NewKey)
+               rr.state = key_state.AddPend
                 rr.key_tag = key_tag
+               rr.timer = os.time() + hold_down_time
+               table.insert(keyset, rr)
                 return false
         end
  end
author	Lukáš Ježek <lukas.jezek@nic.cz>
	Fri, 7 Aug 2020 09:10:58 +0000 (11:10 +0200)
committer	Petr Špaček <petr.spacek@nic.cz>
	Thu, 13 Aug 2020 10:18:36 +0000 (12:18 +0200)
NEWS		patch \| blob \| blame \| history
modules/ta_update/ta_update.lua		patch \| blob \| blame \| history