From: Lukáš Ježek <lukas.jezek@nic.cz>
Date: Fri, 7 Aug 2020 09:10:58 +0000 (+0200)
Subject: modules/ta_update: fix broken RFC5011 rollover
X-Git-Tag: v5.1.3~14^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e46cfb3d5811709c0521ca2a5223f275558ba446;p=thirdparty%2Fknot-resolver.git

modules/ta_update: fix broken RFC5011 rollover
---

diff --git a/NEWS b/NEWS
index 1a0e21534..ff3fba646 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ Bugfixes
 - validator: ignore bogus RRSIGs present in insecure domains (!1022, #587)
 - build if libsystemd version isn't detected as integer (#592, !1029)
 - validator: more robust reaction on missing RRSIGs (#390, !1020)
+- ta_update module: fix broken RFC5011 rollover (!1035)
 
 
 Knot Resolver 5.1.2 (2020-07-01)
diff --git a/modules/ta_update/ta_update.lua b/modules/ta_update/ta_update.lua
index c49db35ff..496db8511 100644
--- a/modules/ta_update/ta_update.lua
+++ b/modules/ta_update/ta_update.lua
@@ -100,7 +100,10 @@ local function ta_present(keyset, rr, hold_down_time)
 		end
 		return true
 	elseif not key_revoked then -- First time seen (NewKey)
+		rr.state = key_state.AddPend
 		rr.key_tag = key_tag
+		rr.timer = os.time() + hold_down_time
+		table.insert(keyset, rr)
 		return false
 	end
 end