summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/dns/api2
-rw-r--r--lib/dns/ncache.c4
-rw-r--r--lib/dns/validator.c33
-rw-r--r--lib/dns/win32/libdns.def1
4 files changed, 24 insertions, 16 deletions
diff --git a/lib/dns/api b/lib/dns/api
index af1a23fe..9d9c7586 100644
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -1,3 +1,3 @@
LIBINTERFACE = 82
-LIBREVISION = 1
+LIBREVISION = 2
LIBAGE = 1
diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c
index 211d5fc6..e72571ee 100644
--- a/lib/dns/ncache.c
+++ b/lib/dns/ncache.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ncache.c,v 1.50.124.1 2011-02-03 07:39:03 marka Exp $ */
+/* $Id: ncache.c,v 1.50.124.1.2.1 2011-05-27 00:57:31 each Exp $ */
/*! \file */
@@ -186,7 +186,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache,
*/
isc_buffer_availableregion(&buffer,
&r);
- if (r.length < 2)
+ if (r.length < 3)
return (ISC_R_NOSPACE);
isc_buffer_putuint16(&buffer,
rdataset->type);
diff --git a/lib/dns/validator.c b/lib/dns/validator.c
index 7895c7cc..fa6fa610 100644
--- a/lib/dns/validator.c
+++ b/lib/dns/validator.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.197 2010-12-23 04:07:58 marka Exp $ */
+/* $Id: validator.c,v 1.197.40.1 2011-05-27 00:57:31 each Exp $ */
#include <config.h>
@@ -428,7 +428,8 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) {
validator_done(val, ISC_R_CANCELED);
} else if (eresult == ISC_R_SUCCESS) {
validator_log(val, ISC_LOG_DEBUG(3),
- "keyset with trust %d", rdataset->trust);
+ "keyset with trust %s",
+ dns_trust_totext(rdataset->trust));
/*
* Only extract the dst key if the keyset is secure.
*/
@@ -505,7 +506,8 @@ dsfetched(isc_task_t *task, isc_event_t *event) {
validator_done(val, ISC_R_CANCELED);
} else if (eresult == ISC_R_SUCCESS) {
validator_log(val, ISC_LOG_DEBUG(3),
- "dsset with trust %d", rdataset->trust);
+ "dsset with trust %s",
+ dns_trust_totext(rdataset->trust));
val->dsset = &val->frdataset;
result = validatezonekey(val);
if (result != DNS_R_WAIT)
@@ -660,7 +662,8 @@ keyvalidated(isc_task_t *task, isc_event_t *event) {
validator_done(val, ISC_R_CANCELED);
} else if (eresult == ISC_R_SUCCESS) {
validator_log(val, ISC_LOG_DEBUG(3),
- "keyset with trust %d", val->frdataset.trust);
+ "keyset with trust %s",
+ dns_trust_totext(val->frdataset.trust));
/*
* Only extract the dst key if the keyset is secure.
*/
@@ -731,10 +734,10 @@ dsvalidated(isc_task_t *task, isc_event_t *event) {
isc_boolean_t have_dsset;
dns_name_t *name;
validator_log(val, ISC_LOG_DEBUG(3),
- "%s with trust %d",
+ "%s with trust %s",
val->frdataset.type == dns_rdatatype_ds ?
"dsset" : "ds non-existance",
- val->frdataset.trust);
+ dns_trust_totext(val->frdataset.trust));
have_dsset = ISC_TF(val->frdataset.type == dns_rdatatype_ds);
name = dns_fixedname_name(&val->fname);
if ((val->attributes & VALATTR_INSECURITY) != 0 &&
@@ -1385,8 +1388,8 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) {
INSIST(type == dns_rdatatype_dlv);
if (val->frdataset.trust != dns_trust_secure) {
validator_log(val, ISC_LOG_DEBUG(3),
- "covering nsec: trust %u",
- val->frdataset.trust);
+ "covering nsec: trust %s",
+ dns_trust_totext(val->frdataset.trust));
goto notfound;
}
result = dns_rdataset_first(&val->frdataset);
@@ -1721,8 +1724,8 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) {
* See if we've got the key used in the signature.
*/
validator_log(val, ISC_LOG_DEBUG(3),
- "keyset with trust %d",
- val->frdataset.trust);
+ "keyset with trust %s",
+ dns_trust_totext(val->frdataset.trust));
result = get_dst_key(val, siginfo, val->keyset);
if (result != ISC_R_SUCCESS) {
/*
@@ -2492,8 +2495,11 @@ validatezonekey(dns_validator_t *val) {
" insecure DS");
return (DNS_R_MUSTBESECURE);
}
- markanswer(val, "validatezonekey (2)");
- return (ISC_R_SUCCESS);
+ if (val->view->dlv == NULL || DLVTRIED(val)) {
+ markanswer(val, "validatezonekey (2)");
+ return (ISC_R_SUCCESS);
+ }
+ return (startfinddlvsep(val, val->event->name));
}
/*
@@ -3231,7 +3237,8 @@ dlvvalidated(isc_task_t *task, isc_event_t *event) {
validator_done(val, ISC_R_CANCELED);
} else if (eresult == ISC_R_SUCCESS) {
validator_log(val, ISC_LOG_DEBUG(3),
- "dlvset with trust %d", val->frdataset.trust);
+ "dlvset with trust %s",
+ dns_trust_totext(val->frdataset.trust));
dns_rdataset_clone(&val->frdataset, &val->dlv);
val->havedlvsep = ISC_TRUE;
if (dlv_algorithm_supported(val))
diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def
index 83a1cf62..dac286ef 100644
--- a/lib/dns/win32/libdns.def
+++ b/lib/dns/win32/libdns.def
@@ -675,6 +675,7 @@ dns_tkey_processgssresponse
dns_tkey_processquery
dns_tkeyctx_create
dns_tkeyctx_destroy
+dns_trust_totext
dns_tsig_sign
dns_tsig_verify
dns_tsigkey_attach