From: Willem Toorop Date: Fri, 4 Nov 2011 22:37:46 +0000 (+0000) Subject: Complete setting check_time for validation (and verification). X-Git-Tag: release-1.6.12~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2406e755cd6e3ce8ebcfcab7a2b82eb9504b5e67;p=thirdparty%2Fldns.git Complete setting check_time for validation (and verification). --- diff --git a/examples/ldns-verify-zone.1 b/examples/ldns-verify-zone.1 index 092fb213..f4555a79 100644 --- a/examples/ldns-verify-zone.1 +++ b/examples/ldns-verify-zone.1 @@ -28,6 +28,10 @@ Defaults to 100. \fB-h\fR Show usage and exit +.TP +\fB-t\fR \fIYYYYMMDDhhmmss | [+|-]offset\fR +Set the validation time either by an absolute time value or as an offset in seconds from the current time. + .TP \fB-v\fR Show the version and exit diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c index da1c85b2..709ac707 100644 --- a/examples/ldns-verify-zone.c +++ b/examples/ldns-verify-zone.c @@ -644,9 +644,10 @@ main(int argc, char **argv) ldns_status result = LDNS_STATUS_ERR; bool apexonly = false; int percentage = 100; + struct tm tm; time_t check_time = ldns_time(NULL); - while ((c = getopt(argc, argv, "ahvV:p:")) != -1) { + while ((c = getopt(argc, argv, "ahvV:p:t:")) != -1) { switch(c) { case 'a': apexonly = true; @@ -660,11 +661,15 @@ main(int argc, char **argv) printf("It also checks the NSEC(3) chain, but it will " "error on opted-out delegations\n"); printf("\nOPTIONS:\n"); - printf("\t-a apex only, check only the zone apex\n"); - printf("\t-p [0-100] only checks this percentage of " - "the zone. Defaults to 100\n"); - printf("\t-h show this text\n"); - printf("\t-v shows the version and exits\n"); + printf("\t-a\t\tapex only, check only the zone apex\n"); + printf("\t-p [0-100]\tonly checks this percentage of " + "the zone.\n\t\t\tDefaults to 100\n"); + printf("\t-h\t\tshow this text\n"); + printf("\t-t YYYYMMDDhhmmss | [+|-]offset\n\t\t\t" + "Set the validation time either by an " + "absolute time\n\t\t\tvalue or as an offset " + "in seconds from .\n"); + printf("\t-v\t\tshows the version and exits\n"); printf("\t-V [0-5]\tset verbosity level (default 3)\n"); printf("\nif no file is given standard input is " "read\n"); @@ -687,6 +692,19 @@ main(int argc, char **argv) } srandom(time(NULL) ^ getpid()); break; + case 't': + if (strlen(optarg) == 14 && sscanf(optarg, + "%4d%2d%2d%2d%2d%2d", + &tm.tm_year, &tm.tm_mon, + &tm.tm_mday, &tm.tm_hour, + &tm.tm_min, &tm.tm_sec) == 6) { + tm.tm_year -= 1900; + tm.tm_mon--; + check_time = mktime_from_utc(&tm); + } + else { + check_time += atoi(optarg); + } } } diff --git a/ldns_symbols.def b/ldns_symbols.def index 6503bd05..5d0346c6 100644 --- a/ldns_symbols.def +++ b/ldns_symbols.def @@ -32,13 +32,14 @@ ldns_calc_keytag ldns_calc_keytag_raw ldns_cert_algorithm2buffer_str ldns_cert_algorithms -ldns_convert_ecdsa_rrsig_asn12rdf -ldns_convert_ecdsa_rrsig_rdf2asn1 ldns_convert_dsa_rrsig_asn12rdf ldns_convert_dsa_rrsig_rdf2asn1 +ldns_convert_ecdsa_rrsig_asn12rdf +ldns_convert_ecdsa_rrsig_rdf2asn1 ldns_create_empty_rrsig ldns_create_nsec ldns_create_nsec3 +ldns_digest_evp ldns_directive_types ldns_dname2buffer_wire ldns_dname2canonical @@ -76,9 +77,14 @@ ldns_dnssec_default_leave_signatures ldns_dnssec_default_replace_signatures ldns_dnssec_derive_trust_tree ldns_dnssec_derive_trust_tree_dnskey_rrset +ldns_dnssec_derive_trust_tree_dnskey_rrset_time ldns_dnssec_derive_trust_tree_ds_rrset +ldns_dnssec_derive_trust_tree_ds_rrset_time ldns_dnssec_derive_trust_tree_normal_rrset +ldns_dnssec_derive_trust_tree_normal_rrset_time ldns_dnssec_derive_trust_tree_no_sig +ldns_dnssec_derive_trust_tree_no_sig_time +ldns_dnssec_derive_trust_tree_time ldns_dnssec_get_dnskey_for_rrsig ldns_dnssec_get_rrsig_for_name_and_type ldns_dnssec_name_add_rr @@ -160,6 +166,7 @@ ldns_ecdsa2pkey_raw ldns_edns_flags ldns_error_str ldns_fetch_valid_domain_keys +ldns_fetch_valid_domain_keys_time ldns_fget_keyword_data ldns_fget_keyword_data_l ldns_fget_token @@ -181,9 +188,6 @@ ldns_get_rr_list_name_by_addr ldns_get_rr_type_by_name ldns_get_signing_algorithm_by_name ldns_gost2pkey_raw -ldns_digest_evp -ldns_key_EVP_load_gost_id -ldns_key_EVP_unload_gost ldns_hexdigit_to_int ldns_hexstring_to_data ldns_init_random @@ -192,8 +196,8 @@ ldns_is_rrset ldns_key2buffer_str ldns_key2rr ldns_key2str -ldns_key_algo_supported ldns_key_algorithm +ldns_key_algo_supported ldns_key_buf2dsa ldns_key_buf2dsa_raw ldns_key_buf2rsa @@ -201,6 +205,8 @@ ldns_key_buf2rsa_raw ldns_key_deep_free ldns_key_dsa_key ldns_key_evp_key +ldns_key_EVP_load_gost_id +ldns_key_EVP_unload_gost ldns_key_expiration ldns_key_external_key ldns_key_flags @@ -374,6 +380,7 @@ ldns_pkt_tsig_sign_next ldns_pkt_tsig_verify ldns_pkt_tsig_verify_next ldns_pkt_verify +ldns_pkt_verify_time ldns_print_rr_rdf ldns_rbtree_create ldns_rbtree_delete @@ -713,7 +720,9 @@ ldns_update_soa_zone_mname ldns_update_upcount ldns_update_zocount ldns_validate_domain_dnskey +ldns_validate_domain_dnskey_time ldns_validate_domain_ds +ldns_validate_domain_ds_time ldns_verify ldns_verify_notime ldns_verify_rrsig @@ -725,13 +734,17 @@ ldns_verify_rrsig_evp ldns_verify_rrsig_evp_raw ldns_verify_rrsig_keylist ldns_verify_rrsig_keylist_notime +ldns_verify_rrsig_keylist_time ldns_verify_rrsig_rsamd5 ldns_verify_rrsig_rsamd5_raw ldns_verify_rrsig_rsasha1 ldns_verify_rrsig_rsasha1_raw ldns_verify_rrsig_rsasha256_raw ldns_verify_rrsig_rsasha512_raw +ldns_verify_rrsig_time +ldns_verify_time ldns_verify_trusted +ldns_verify_trusted_time ldns_version ldns_wire2dname ldns_wire2pkt