Do not call exit() upon check_bad_algorithms() errors
authorMichał Kępień <michal@isc.org>
Fri, 15 Jun 2018 07:59:20 +0000 (09:59 +0200)
committerMichał Kępień <michal@isc.org>
Fri, 15 Jun 2018 08:35:25 +0000 (10:35 +0200)
Replace all fatal() and fprintf() calls inside check_bad_algorithms()
with zoneverify_print() calls and error handling code.  Enable
check_bad_algorithms() to signal errors to the caller using its return
value.

Modify the call site of check_bad_algorithms() so that its errors are
properly handled.

lib/dns/zoneverify.c

index 4d592424c8338531dc941ddb1adf77c70c310b3b..2f724f5931d58563528e547910a7cff5c6579220 100644 (file)
@@ -1526,26 +1526,31 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
        dns_dbiterator_destroy(&dbiter);
 }
 
-static void
+static isc_result_t
 check_bad_algorithms(const vctx_t *vctx) {
        char algbuf[DNS_SECALG_FORMATSIZE];
        isc_boolean_t first = ISC_TRUE;
        int i;
 
        for (i = 0; i < 256; i++) {
-               if (vctx->bad_algorithms[i] != 0) {
-                       if (first)
-                               fprintf(stderr, "The zone is not fully signed "
-                                       "for the following algorithms:");
-                       dns_secalg_format(i, algbuf, sizeof(algbuf));
-                       fprintf(stderr, " %s", algbuf);
-                       first = ISC_FALSE;
+               if (vctx->bad_algorithms[i] == 0) {
+                       continue;
+               }
+               if (first) {
+                       zoneverify_print(vctx,
+                                        "The zone is not fully signed for "
+                                        "the following algorithms:");
                }
+               dns_secalg_format(i, algbuf, sizeof(algbuf));
+               zoneverify_print(vctx, " %s", algbuf);
+               first = ISC_FALSE;
        }
+
        if (!first) {
-               fprintf(stderr, ".\n");
-               fatal("DNSSEC completeness test failed.");
+               zoneverify_print(vctx, ".\n");
        }
+
+       return (first ? ISC_R_SUCCESS : ISC_R_FAILURE);
 }
 
 static void
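Review bot: check_bad_algorithms() now returns a status, but nothing at the definition states what the two values mean, and ISC_R_FAILURE is generic enough that a caller cannot tell "zone not fully signed for some algorithm" from any other failure. A short comment above the function would pin the contract, for example `/* Returns ISC_R_SUCCESS when no entry of vctx->bad_algorithms is set; otherwise reports the affected algorithms and returns ISC_R_FAILURE. */`. The report is also assembled from several zoneverify_print() calls: the header, one `" %s"` per algorithm, then `".\n"`. zoneverify_print() is defined outside this hunk, so if it can route to a line-oriented log, the algorithm list would be split across entries; formatting the list into one buffer and printing it once would keep it readable for whoever triages a failed verification.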
@@ -1619,7 +1624,11 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
        if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS)
                vresult = result;
 
-       check_bad_algorithms(&vctx);
+       result = check_bad_algorithms(&vctx);
+       if (result != ISC_R_SUCCESS) {
+               zoneverify_print(&vctx, "DNSSEC completeness test failed.\n");
+               goto done;
+       }
 
        if (vresult != ISC_R_SUCCESS)
                fatal("DNSSEC completeness test failed (%s).",
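Review bot: The new `goto done` branch only reports a failed completeness check if the code at `done` returns `result`, and that label is outside this hunk. If it returns `vresult` or a fixed value instead, a zone with incompletely signed algorithms would be reported as verified, so this is worth confirming and stating at the jump, e.g. `/* 'result' is returned at 'done'; a failed completeness check must never be reported as success. */`. This branch also replaces any more specific error already saved in `vresult` with the generic failure code, so only the printed message distinguishes the two cases. dns_zoneverify_dnssec() begins and ends outside the hunk, and the `fatal()` call that follows in the context lines still terminates the process on the `vresult` path.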