From: Miek Gieben Date: Thu, 1 Jun 2006 10:25:24 +0000 (+0000) Subject: removed openssl prints from ldns, removed dprintfs from dnssec.c X-Git-Tag: release-1.1.0~103 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4d9e93dbd358965014abb55f173519efbad5ade;p=thirdparty%2Fldns.git removed openssl prints from ldns, removed dprintfs from dnssec.c keep a list of trusted keys in tracing --- diff --git a/dnssec.c b/dnssec.c index 5ed7c9b9..041ab65f 100644 --- a/dnssec.c +++ b/dnssec.c @@ -510,7 +510,6 @@ ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) if (result == 1) { return LDNS_STATUS_OK; } else { - dprintf("error in verify: %d\n", result); return LDNS_STATUS_CRYPTO_BOGUS; } } @@ -535,9 +534,6 @@ ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key (unsigned int)ldns_buffer_position(sig), rsakey) == 1) { result = LDNS_STATUS_OK; } else { - ERR_load_crypto_strings(); - ERR_print_errors_fp(stdout); - result = LDNS_STATUS_CRYPTO_BOGUS; } } @@ -589,7 +585,6 @@ ldns_key_buf2dsa(ldns_buffer *key) offset = 1; if (T > 8) { - dprintf("%s\n", "DSA type > 8 not implemented, unable to verify signature"); return NULL; } @@ -869,14 +864,12 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) if (ldns_rrsig2buffer_wire(sign_buf, current_sig) != LDNS_STATUS_OK) { ldns_buffer_free(sign_buf); - dprintf("%s\n", "couldn't convert to buffer 1"); /* ERROR */ return NULL; } /* add the rrset in sign_buf */ if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone) != LDNS_STATUS_OK) { - dprintf("%s\n", "couldn't convert to buffer 2"); ldns_buffer_free(sign_buf); return NULL; } @@ -897,7 +890,6 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) } if (!b64rdf) { /* signing went wrong */ - dprintf("%s", "couldn't sign!\n"); return NULL; } ldns_rr_rrsig_set_sig(current_sig, b64rdf); diff --git a/drill/securetrace.c b/drill/securetrace.c index 17aafb28..d3cd8cd0 100644 --- a/drill/securetrace.c 
+++ b/drill/securetrace.c @@ -189,7 +189,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_resolver_usevc(local_res)); ldns_resolver_set_random(res, ldns_resolver_random(local_res)); - ldns_resolver_set_recursive(local_res, false); + ldns_resolver_set_recursive(local_res, true); ldns_resolver_set_recursive(res, false); ldns_resolver_set_dnssec_cd(res, false); @@ -256,6 +256,8 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, if ((st = ldns_verify(key_list, key_sig_list, key_list, NULL)) == LDNS_STATUS_OK) { print_rr_list_abbr(stdout, key_list, OK); + + ldns_rr_list_push_rr_list(trusted_keys, key_list); } else { print_rr_list_abbr(stdout, key_list, BOGUS); } @@ -274,7 +276,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, } if (ds_sig_list) { if (ds_list) { - if ((st = ldns_verify(ds_list, ds_sig_list, key_list, NULL)) == + if ((st = ldns_verify(ds_list, ds_sig_list, trusted_keys, NULL)) == LDNS_STATUS_OK) { print_rr_list_abbr(stdout, ds_list, OK); } else { @@ -293,5 +295,9 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, while((pop = ldns_resolver_pop_nameserver(res))) { /* remove it */ } puts(""); } +/* + ldns_rr_list_print(stdout, trusted_keys); +*/ + return NULL; }
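Review bot: In the `@@ -189` hunk of drill/securetrace.c the recursion flag is switched on for `local_res`, the resolver the caller passed into do_secure_trace, with no comment explaining why and no restore visible. Saving the old value with `bool old_rd = ldns_resolver_recursive(local_res);` and putting it back with `ldns_resolver_set_recursive(local_res, old_rd);` before returning would keep the caller's later queries unchanged. If the intent is that `local_res` asks the configured recursor while `res` follows the delegation itself, a one-line comment saying so would stop the `true`/`false` pair from reading as a typo. The rest of the function is outside the hunk, so a restore may already exist there.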
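Review bot: In the `@@ -256` hunk, `key_list` is added to `trusted_keys` after `ldns_verify(key_list, key_sig_list, key_list, NULL)`, which only shows that the DNSKEY set is signed by one of its own keys. Any party that can answer the query can satisfy that check. The `@@ -274` hunk then validates `ds_list` against the whole accumulated `trusted_keys`, so an OK printed for a DS may rest on keys that were never tied to a validated parent DS or a configured trust anchor. Keys should be pushed only once they match such a DS or anchor, and the DS check should use the parent zone's validated keys rather than every key seen so far. The result of the push is also ignored; `if (!ldns_rr_list_push_rr_list(trusted_keys, key_list)) { /* report and stop */ }` would surface a failed push.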
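Review bot: In the `@@ -293` hunk the lines added before `return NULL;` are only a commented-out `ldns_rr_list_print(stdout, trusted_keys);`, and no release of `trusted_keys` is visible on this return path. The dead block should be deleted or put behind a debug option, and the list should be freed here. `ldns_rr_list_push_rr_list` stores the same RR pointers that `key_list` holds, so the shallow `ldns_rr_list_free(trusted_keys);` is the safe form if `key_list` is deep-freed elsewhere. If `key_list` is deep-freed between iterations, `trusted_keys` would instead hold dangling pointers by the time the DS check in the `@@ -274` hunk runs, and the keys would need to be cloned when stored. Where `trusted_keys` is allocated and how `key_list` is freed lie outside the hunk, so this needs checking against the full function.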