-
Matthijs Mekking authored
Update dns_dnssec_get_hints and dns_dnssec_keyactive to use dst_key functions and thus if dnssec-policy/KASP is used the key states are being considered. Add a new variable to 'struct dns_dnsseckey' to signal whether this key is a zone-signing key (it is no longer true that ksk == !zsk). Also introduce a hint for revoke. Update 'dns_dnssec_findzonekeys' and 'dns_dnssec_findmatchingkeys' to also read the key state file, if available. Remove 'allzsk' from 'dns_dnssec_updatekeys' as this was only a hint for logging. Also make get_hints() (now dns_dnssec_get_hints()) public so that we can use it in the key manager.
bd9750f3