From 041a58f34265c27a2b00e30fadc43d9bee14b5f2 Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Wed, 24 Aug 2016 09:25:30 +0200
Subject: [PATCH] log expired rrsig on dnskeys

---
 pdns/validate.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pdns/validate.cc b/pdns/validate.cc
index e1bf751bb2..83f7b973a1 100644
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -311,6 +311,9 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, keyset_t &keyset)
 	      std::shared_ptr<DNSCryptoKeyEngine> dke = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromPublicKeyString(j.d_algorithm, j.d_key));
 	      isValid = dke->verify(msg, i->d_signature);
 	    }
+            else {
+              LOG("Signature on DNSKEY expired"<<endl);
+            }
 	  }
 	  catch(std::exception& e) {
 	    LOG("Could not make a validator for signature: "<<e.what()<<endl);
-- 
2.47.2