Evan Hunt authored
note: this is a frankensteinian kluge which needs further refactoring.

the keytable started as an RBT where the node->data points to a list of dns_keynode structures, each of which points to a single dst_key. later it was modified so that the list could instead point to a single "null" keynode structure, which does not reference a key; this means a trust anchor has been configured but the RFC 5011 refresh failed.

in this branch it is further updated to allow the first keynode in the list to point to an rdatalist of DS-style trust anchors. these will be used by the validator to populate 'val->dsset' when validating a zone key.

a DS-style trust anchor can be updated as a result of RFC 5011 processing to contain DST keys instead; this results in the DS list being freed. the reverse is not possible; attempting to add a DS-style trust anchor if a key-style trust anchor is already in place results in an error.

later, this should be refactored to use rdatalists for both DS-style and key-style trust anchors, but we're keeping the existing code for old-style trust anchors for now.
854af5a3