Commit 00ecbad2 authored by Michał Kępień's avatar Michał Kępień

Do not call exit() upon check_bad_algorithms() errors

Replace all fatal() and fprintf() calls inside check_bad_algorithms()
with zoneverify_print() calls and error handling code.  Enable
check_bad_algorithms() to signal errors to the caller using its return

Modify the call site of check_bad_algorithms() so that its errors are
properly handled.
parent 7c3f6531
......@@ -1526,26 +1526,31 @@ verify_nodes(vctx_t *vctx, isc_result_t *vresult) {
static void
static isc_result_t
check_bad_algorithms(const vctx_t *vctx) {
isc_boolean_t first = ISC_TRUE;
int i;
for (i = 0; i < 256; i++) {
if (vctx->bad_algorithms[i] != 0) {
if (first)
fprintf(stderr, "The zone is not fully signed "
"for the following algorithms:");
dns_secalg_format(i, algbuf, sizeof(algbuf));
fprintf(stderr, " %s", algbuf);
first = ISC_FALSE;
if (vctx->bad_algorithms[i] == 0) {
if (first) {
"The zone is not fully signed for "
"the following algorithms:");
dns_secalg_format(i, algbuf, sizeof(algbuf));
zoneverify_print(vctx, " %s", algbuf);
first = ISC_FALSE;
if (!first) {
fprintf(stderr, ".\n");
fatal("DNSSEC completeness test failed.");
zoneverify_print(vctx, ".\n");
return (first ? ISC_R_SUCCESS : ISC_R_FAILURE);
static void
......@@ -1619,7 +1624,11 @@ dns_zoneverify_dnssec(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver,
if (result != ISC_R_SUCCESS && vresult == ISC_R_SUCCESS)
vresult = result;
result = check_bad_algorithms(&vctx);
if (result != ISC_R_SUCCESS) {
zoneverify_print(&vctx, "DNSSEC completeness test failed.\n");
goto done;
if (vresult != ISC_R_SUCCESS)
fatal("DNSSEC completeness test failed (%s).",
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment