From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 8 Apr 2011 14:06:46 +0000 (+0000)
Subject: val-override-date: -1 ignores dates entirely, for NTP usage.
X-Git-Tag: release-1.4.11rc1~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3922eed584dbaff00711b2eeb3dff73c2ed22cab;p=thirdparty%2Funbound.git

val-override-date: -1 ignores dates entirely, for NTP usage.


git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index da9e0767a..887e4e832 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,7 @@
 	  not withheld if it is bogus.  Thus, unbound will retry if it is bad
 	  and curb the TTL if it is bad, thus protecting the cache for use by
 	  downstream validators.
+	- val-override-date: -1 ignores dates entirely, for NTP usage.
 
 29 March 2011: Wouter
 	- harden-below-nxdomain: changed so that it activates when the
diff --git a/doc/example.conf.in b/doc/example.conf.in
index 3bd541cbf..8f2567ecf 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -352,7 +352,7 @@ server:
 
 	# Override the date for validation with a specific fixed date.
 	# Do not set this unless you are debugging signature inception
-	# and expiration. "" or "0" turns the feature off. 
+	# and expiration. "" or "0" turns the feature off. -1 ignores date.
 	# val-override-date: ""
 
 	# The time to live for bogus data, rrsets and messages. This avoids
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index c214e23da..06f37d171 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -608,7 +608,8 @@ externally can create validation failures for that internal domain.
 Default is "" or "0", which disables this debugging feature. If enabled by
 giving a RRSIG style date, that date is used for verifying RRSIG inception
 and expiration dates, instead of the current date. Do not set this unless 
-you are debugging signature inception and expiration.
+you are debugging signature inception and expiration. The value \-1 ignores
+the date altogether, useful for some special applications.
 .TP
 .B val\-sig\-skew\-min: \fI<seconds>
 Minimum number of seconds of clock skew to apply to validated signatures.
diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c
index 049405839..19e8d031e 100644
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@@ -1211,6 +1211,10 @@ check_dates(struct val_env* ve, uint32_t unow,
 
 	/* get current date */
 	if(ve->date_override) {
+		if(ve->date_override == -1) {
+			verbose(VERB_ALGO, "date override: ignore date"); 
+			return 1;
+		}
 		now = ve->date_override;
 		verbose(VERB_ALGO, "date override option %d", (int)now); 
 	} else	now = (int32_t)unow;