From: Jelte Jansen Date: Fri, 16 Sep 2005 10:07:51 +0000 (+0000) Subject: fixed error message when not specifying trusted keys in drill chase X-Git-Tag: release-1.0.0~124 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0eb185b8e2e698e660086ae16fb778c3d88e41ee;p=thirdparty%2Fldns.git fixed error message when not specifying trusted keys in drill chase --- diff --git a/Makefile.in b/Makefile.in index b7714b71..5b578f31 100644 --- a/Makefile.in +++ b/Makefile.in @@ -92,8 +92,10 @@ doc: doc/function_manpages grep -v ^doxygen | grep -v ^cat > doc/ldns_manpages install: install-h install-lib install-progs install-doc + ( cd drill ; make install ) uninstall: uninstall-doc uninstall-h uninstall-lib uninstall-progs + ( cd drill ; make uninstall ) destclean: uninstall diff --git a/dnssec.c b/dnssec.c index 17c51aec..7e5f75cd 100644 --- a/dnssec.c +++ b/dnssec.c @@ -82,21 +82,26 @@ ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys, ldns_r bool valid; ldns_status verify_result = LDNS_STATUS_ERR; +printf("yo1\n"); if (!rrset || !rrsig || !keys) { return LDNS_STATUS_ERR; } valid = false; -printf("Verify sig rr:\n"); -ldns_rr_list_print(stdout, rrsig); - - for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { +printf("yo2\n"); + if (ldns_rr_list_rr_count(keys) < 1) { +printf("yo3\n"); + verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } else { +printf("yo4\n"); + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { - verify_result = ldns_verify_rrsig_keylist(rrset, - ldns_rr_list_rr(rrsig, i), - keys, - good_keys); + verify_result = ldns_verify_rrsig_keylist(rrset, + ldns_rr_list_rr(rrsig, i), + keys, + good_keys); + } } return verify_result; } 
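Review bot: The added recipe lines `( cd drill ; make install )` and `( cd drill ; make uninstall )` join the two commands with `;`, so if the `cd` fails, `make` would still run in the top-level directory and re-enter the same `install` or `uninstall` target. Chaining with `&&` and using `$(MAKE)` avoids that and lets flags such as `-n` and `-j` reach the sub-make: `( cd drill && $(MAKE) install )` and `( cd drill && $(MAKE) uninstall )`. Whether `drill/` is always present and configured when these targets run is not visible in the hunk.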
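Review bot: The new side of `ldns_verify` adds `printf("yo1\n");` through `printf("yo4\n");`, which is unconditional debug output written to stdout from a library signature-verification routine. The same commit removes the older debug prints elsewhere in dnssec.c, so these four lines should be dropped as well. The re-indented loop still overwrites `verify_result` on every iteration, so the returned status reflects only the last RRSIG in the list, and `valid` is assigned but never read in the visible lines. If one good signature is meant to suffice, `if (verify_result == LDNS_STATUS_OK) break;` after the call would make that explicit, though its effect on how `good_keys` is filled needs checking against `ldns_verify_rrsig_keylist`, which is not shown. A NULL `keys` still returns the generic `LDNS_STATUS_ERR` while an empty list now returns `LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY`; the function's opening lies outside the hunk.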
@@ -313,9 +318,6 @@ ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key) return LDNS_STATUS_ERR; } -printf("signature to verify:\n"); -ldns_rr_print(stdout, rrsig); - /* check the signature time stamps */ inception = ldns_rdf2native_time_t(ldns_rr_rrsig_inception(rrsig)); expiration = ldns_rdf2native_time_t(ldns_rr_rrsig_expiration(rrsig)); @@ -465,12 +467,6 @@ ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) (void) BN_bin2bn((unsigned char*)ldns_buffer_at(sig, 1), SHA_DIGEST_LENGTH, R); S = BN_new(); (void) BN_bin2bn((unsigned char*)ldns_buffer_at(sig, 21), SHA_DIGEST_LENGTH, S); -printf("VERIFY:\n"); -printf("R: "); -BN_print_fp(stdout, R); -printf("\nS: "); -BN_print_fp(stdout, S); -printf("\n"); dsasig = DSA_SIG_new(); if (!dsasig) { @@ -905,15 +901,6 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key) sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, 1 + 2 * SHA_DIGEST_LENGTH, data); -printf("Signing: \n"); -printf("R: "); -BN_print_fp(stdout, sig->r); -printf("\nS: "); -BN_print_fp(stdout, sig->s); -printf("\n\rdf: "); -ldns_rdf_print(stdout, sigdata_rdf); -printf("\n"); - ldns_buffer_free(b64sig); LDNS_FREE(data); diff --git a/drill/chasetrace.c b/drill/chasetrace.c index 5b090df4..3b48ec0f 100644 --- a/drill/chasetrace.c +++ b/drill/chasetrace.c @@ -311,6 +311,11 @@ do_chase(ldns_resolver *res, ldns_rdf *name, ldns_rr_type type, ldns_rr_class c, return LDNS_STATUS_EMPTY_LABEL; } + if (!trusted_keys || ldns_rr_list_rr_count(trusted_keys) < 1) { + mesg("No trusted keys specified\n"); + return LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } + if (pkt) { rrset = ldns_pkt_rr_list_by_name_and_type(pkt, name,