]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bf65f72)
Do not call exit() upon dns_zoneverify_dnssec() errors
authorMichał Kępień <michal@isc.org>
Fri, 15 Jun 2018 07:59:20 +0000 (09:59 +0200)
committerMichał Kępień <michal@isc.org>
Fri, 15 Jun 2018 08:36:47 +0000 (10:36 +0200)
Replace the remaining fatal() calls inside dns_zoneverify_dnssec() with
zoneverify_log_error() and zoneverify_print() calls, ensuring proper
cleanup.

lib/dns/zoneverify.c patch | blob | blame | history

diff --git a/lib/dns/zoneverify.c b/lib/dns/zoneverify.c
index b83157a6f34e7f6ccc5c8f3e52836e97522a90f6..b6eb433f9e2dcc4732345de8a7f095cb35e36657 100644 (file)
--- a/lib/dns/zoneverify.c
+++ b/lib/dns/zoneverify.c
@@ -1837,12 +1837,18 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
                goto done;
        }
 
-       if (ignore_kskflag ) {
-               if (!vctx.goodksk && !vctx.goodzsk)
-                       fatal("No self-signed DNSKEY found.");
-       } else if (!vctx.goodksk)
-               fatal("No self-signed KSK DNSKEY found.  Supply an active\n"
-                     "key with the KSK flag set, or use '-P'.");
+       if (ignore_kskflag) {
+               if (!vctx.goodksk && !vctx.goodzsk) {
+                       zoneverify_log_error(&vctx,
+                                            "No self-signed DNSKEY found");
+                       result = ISC_R_FAILURE;
+                       goto done;
+               }
+       } else if (!vctx.goodksk) {
+               zoneverify_log_error(&vctx, "No self-signed KSK DNSKEY found");
+               result = ISC_R_FAILURE;
+               goto done;
+       }
 
        determine_active_algorithms(&vctx, ignore_kskflag, keyset_kskonly);
 
@@ -1863,9 +1869,13 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
                goto done;
        }
 
-       if (vresult != ISC_R_SUCCESS)
-               fatal("DNSSEC completeness test failed (%s).",
-                     dns_result_totext(vresult));
+       result = vresult;
+       if (result != ISC_R_SUCCESS) {
+               zoneverify_print(&vctx,
+                                "DNSSEC completeness test failed (%s).\n",
+                                dns_result_totext(result));
+               goto done;
+       }
 
        if (vctx.goodksk || ignore_kskflag) {
                print_summary(&vctx, keyset_kskonly);
Mirror of https://gitlab.isc.org/isc-projects/bind9.git