From: bert hubert <bert.hubert@netherlabs.nl>
Date: Wed, 24 Aug 2016 07:25:30 +0000 (+0200)
Subject: log expired rrsig on dnskeys
X-Git-Tag: rec-4.0.2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=041a58f34265c27a2b00e30fadc43d9bee14b5f2;p=thirdparty%2Fpdns.git

log expired rrsig on dnskeys
---

diff --git a/pdns/validate.cc b/pdns/validate.cc
index e1bf751bb2..83f7b973a1 100644
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -311,6 +311,9 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, keyset_t &keyset)
 	      std::shared_ptr<DNSCryptoKeyEngine> dke = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromPublicKeyString(j.d_algorithm, j.d_key));
 	      isValid = dke->verify(msg, i->d_signature);
 	    }
+            else {
+              LOG("Signature on DNSKEY expired"<<endl);
+            }
 	  }
 	  catch(std::exception& e) {
 	    LOG("Could not make a validator for signature: "<<e.what()<<endl);