With update-check-ksk also consider offline keys
authorMatthijs Mekking <matthijs@isc.org>
Fri, 22 Mar 2019 14:42:10 +0000 (15:42 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Thu, 11 Apr 2019 13:22:30 +0000 (15:22 +0200)
The option `update-check-ksk` will look if both KSK and ZSK are
available before signing records.  It will make sure the keys are
active and available.  However, for operational practices keys may
be offline.  This commit relaxes the update-check-ksk check so that a
key which is offline is still treated as available when adding
signature tasks.

CHANGES
lib/dns/zone.c

diff --git a/CHANGES b/CHANGES
index 635db93930328b2f8718c85ad9e48c10e76a1b4e..2d6853200bb364b9d46382e4ea05b98d1b395fac 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5209.  [bug]           When update-check-ksk is true, add_sigs was not
+                       considering offline keys, leaving record sets signed
+                       with the incorrect type key. [GL #763]
+
 5208.  [test]          Run valid rdata wire encodings through totext+fromtext
                        and tofmttext+fromtext methods to check these methods.
                        [GL #899]
index 2c5156ff07d0c2115bc3e454d12d2d4d7048f4b2..3181efeb79464eb00c721c710e42a23df463a4f3 100644 (file)
@@ -8867,9 +8867,6 @@ zone_sign(dns_zone_t *zone) {
                        if (!dst_key_isprivate(zone_keys[i])) {
                                continue;
                        }
-                       /*
-                        * Should be redundant.
-                        */
                        if (dst_key_inactive(zone_keys[i])) {
                                continue;
                        }
@@ -8913,11 +8910,10 @@ zone_sign(dns_zone_t *zone) {
                                        {
                                                continue;
                                        }
-                                       if (!dst_key_isprivate(zone_keys[j])) {
-                                               continue;
-                                       }
-                                       /*
-                                        * Should be redundant.
+                                       /* Don't consider inactive keys, however
+                                        * the key may be temporary offline, so do
+                                        * consider keys which private key files are
+                                        * unavailable.
                                         */
                                        if (dst_key_inactive(zone_keys[j])) {
                                                continue;
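Review bot: The comment added above the `dst_key_inactive` check is hard to read ("temporary offline", "keys which private key files are unavailable") and should state precisely which condition was dropped; suggest `/* Skip inactive keys, but keep keys whose private key file is unavailable: the key may be temporarily offline and still counts as present. */`. It is worth saying there that the `dst_key_isprivate` filter is only removed for this presence check, while the outer loop (first hunk of this file) still requires a private key for the key actually used to sign, so relaxing this test changes which keys are counted, not which keys sign. The enclosing zone_sign body continues outside the hunk, so whether other key states (for example revoked keys) are handled before this point cannot be confirmed from the diff.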