Extract check_bad_algorithms() from dns_zoneverify_dnssec()
authorMichał Kępień <michal@isc.org>
Fri, 15 Jun 2018 07:59:20 +0000 (09:59 +0200)
committerMichał Kępień <michal@isc.org>
Fri, 15 Jun 2018 08:10:24 +0000 (10:10 +0200)
Extract the part of dns_zoneverify_dnssec() responsible for checking
whether the zone is fully signed using all active algorithms to a
separate function.

lib/dns/zoneverify.c

index e3668c5a39f18e2306f99e1167d5369415087d01..7568d1ab3f0b35e92761356cb92293e7914325fe 100644 (file)
@@ -1473,6 +1473,28 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
        dns_dbiterator_destroy(&dbiter);
 }
 
+static void
+check_bad_algorithms(const vctx_t *vctx) {
+       char algbuf[DNS_SECALG_FORMATSIZE];
+       isc_boolean_t first = ISC_TRUE;
+       int i;
+
+       for (i = 0; i < 256; i++) {
+               if (vctx->bad_algorithms[i] != 0) {
+                       if (first)
+                               fprintf(stderr, "The zone is not fully signed "
+                                       "for the following algorithms:");
+                       dns_secalg_format(i, algbuf, sizeof(algbuf));
+                       fprintf(stderr, " %s", algbuf);
+                       first = ISC_FALSE;
+               }
+       }
+       if (!first) {
+               fprintf(stderr, ".\n");
+               fatal("DNSSEC completeness test failed.");
+       }
+}
+
 void
 dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
                      dns_name_t *origin, isc_mem_t *mctx,
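Review bot: check_bad_algorithms() has no comment, and neither its name nor its void return tells a reader that it ends the run through fatal() (which, judging by its use here, presumably does not return) once any entry of vctx->bad_algorithms is non-zero. A header comment such as `/* Report on stderr every algorithm the zone is not fully signed for; does not return if there is at least one. */` would make that explicit. The loop bound `256` is a bare literal that is not tied to the declared size of bad_algorithms (the declaration is outside this hunk), so a named constant or a sizeof-based bound would keep the index range and the array from drifting apart. Sizing algbuf with DNS_SECALG_FORMATSIZE is a good choice, and the `char algbuf[80]` still visible in dns_zoneverify_dnssec() in the next hunk could follow it if that buffer is still used.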
@@ -1481,7 +1503,6 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
 {
        char algbuf[80];
        int i;
-       isc_boolean_t first = ISC_TRUE;
        isc_result_t result, vresult = ISC_R_UNSET;
        vctx_t vctx;
 
@@ -1511,24 +1532,7 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
        if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS)
                vresult = result;
 
-       /*
-        * If we made it this far, we have what we consider a properly signed
-        * zone.  Set the good flag.
-        */
-       for (i = 0; i < 256; i++) {
-               if (vctx.bad_algorithms[i] != 0) {
-                       if (first)
-                               fprintf(stderr, "The zone is not fully signed "
-                                       "for the following algorithms:");
-                       dns_secalg_format(i, algbuf, sizeof(algbuf));
-                       fprintf(stderr, " %s", algbuf);
-                       first = ISC_FALSE;
-               }
-       }
-       if (!first) {
-               fprintf(stderr, ".\n");
-               fatal("DNSSEC completeness test failed.");
-       }
+       check_bad_algorithms(&vctx);
 
        if (vresult != ISC_R_SUCCESS)
                fatal("DNSSEC completeness test failed (%s).",
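Review bot: At `check_bad_algorithms(&vctx);` the rejection of an incompletely signed zone now depends entirely on the helper terminating the process, because it returns void and the caller has nothing to test. If the fatal() inside the helper is ever softened to a plain error report, execution would fall through to the vresult check below, which knows nothing about bad_algorithms, and the zone could be accepted. Having the helper return an isc_result_t and folding it in the same way as the lines above, `result = check_bad_algorithms(&vctx);` followed by `if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS) vresult = result;`, would keep the decision visible in the caller. At minimum the call deserves a comment such as `/* Does not return if any algorithm is incompletely signed. */`. dns_zoneverify_dnssec() starts and ends outside this hunk.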