From: Vladimír Čunát Date: Mon, 6 Feb 2017 13:10:11 +0000 (+0100) Subject: trust anchors: nitpicks X-Git-Tag: v1.3.0~23^2~83^2~3 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=4cbf04ab3ed9df5952263d86b19354504905afdb;p=thirdparty%2Fknot-resolver.git trust anchors: nitpicks - printing refresh time in milliseconds could've been confusing; - move syntactic sugar definitions close to the rest of the table; --- diff --git a/daemon/lua/sandbox.lua b/daemon/lua/sandbox.lua index 4a5b3cb6d..e08f4482e 100644 --- a/daemon/lua/sandbox.lua +++ b/daemon/lua/sandbox.lua @@ -129,15 +129,6 @@ setmetatable(cache, { end }) --- Syntactic sugar for TA store -setmetatable(trust_anchors, { - __newindex = function (t,k,v) - if k == 'file' then t.config(v) - elseif k == 'negative' then t.set_insecure(v) - else rawset(t, k, v) end - end, -}) - -- Register module in Lua environment function modules_register(module) -- Syntactic sugar for get() and set() properties diff --git a/daemon/lua/trust_anchors.lua.in b/daemon/lua/trust_anchors.lua.in index efc296b82..0619d9761 100644 --- a/daemon/lua/trust_anchors.lua.in +++ b/daemon/lua/trust_anchors.lua.in @@ -19,6 +19,7 @@ end -- Fetch root anchors in XML over HTTPS, returning a zone-file-style string. local function bootstrap(url, ca) + -- RFC 7958, sec. 2, but we don't do precise XML parsing. -- @todo ICANN certificate is verified against current CA -- this is not ideal, as it should rather verify .xml signature which -- is signed by ICANN long-lived cert, but luasec has no PKCS7 @@ -166,7 +167,7 @@ local function refresh_plan(trust_anchors, timeout, refresh_cb, priming, bootstr if trust_anchors.refresh_time ~= nil then next_time = trust_anchors.refresh_time end - print('[ ta ] next refresh: '..next_time) + print('[ ta ] next refresh in ' .. next_time/hour .. ' hours') refresh_plan(trust_anchors, next_time, refresh_cb) -- Priming query, prime root NS next if priming ~= nil then @@ -318,4 +319,13 @@ local trust_anchors = { end, } +-- Syntactic sugar for TA store +setmetatable(trust_anchors, { + __newindex = function (t,k,v) + if k == 'file' then t.config(v) + elseif k == 'negative' then t.set_insecure(v) + else rawset(t, k, v) end + end, +}) + return trust_anchors