Commit 06d9e93a authored by Mark Andrews's avatar Mark Andrews
Browse files

address DNS_R_MUSTBESECURE failures

parent 353d0cd8
Pipeline #20802 passed with stages
in 30 minutes and 33 seconds
......@@ -531,9 +531,10 @@ dsfetched2(isc_task_t *task, isc_event_t *event) {
"must be secure failure, no DS"
" and this is a delegation");
validator_done(val, DNS_R_MUSTBESECURE);
} else {
markanswer(val, "dsfetched2");
validator_done(val, ISC_R_SUCCESS);
}
markanswer(val, "dsfetched2");
validator_done(val, ISC_R_SUCCESS);
} else {
result = proveunsecure(val, false, true);
if (result != DNS_R_WAIT)
......@@ -686,9 +687,10 @@ dsvalidated(isc_task_t *task, isc_event_t *event) {
"must be secure failure, no DS "
"and this is a delegation");
result = DNS_R_MUSTBESECURE;
} else {
markanswer(val, "dsvalidated");
result = ISC_R_SUCCESS;;
}
markanswer(val, "dsvalidated");
result = ISC_R_SUCCESS;;
} else if ((val->attributes & VALATTR_INSECURITY) != 0) {
result = proveunsecure(val, have_dsset, true);
} else
......@@ -1707,9 +1709,9 @@ validatezonekey(dns_validator_t *val) {
"must be secure failure, "
"not beneath secure root");
return (DNS_R_MUSTBESECURE);
} else
validator_log(val, ISC_LOG_DEBUG(3),
"not beneath secure root");
}
validator_log(val, ISC_LOG_DEBUG(3),
"not beneath secure root");
markanswer(val, "validatezonekey (1)");
return (ISC_R_SUCCESS);
}
......@@ -2651,9 +2653,9 @@ proveunsecure(dns_validator_t *val, bool have_ds, bool resume) {
"not beneath secure root");
result = DNS_R_MUSTBESECURE;
goto out;
} else
validator_log(val, ISC_LOG_DEBUG(3),
"not beneath secure root");
}
validator_log(val, ISC_LOG_DEBUG(3),
"not beneath secure root");
markanswer(val, "proveunsecure (1)");
return (ISC_R_SUCCESS);
} else if (result != ISC_R_SUCCESS) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment