Code changes for CSK
Update dns_dnssec_keyactive to differentiate between the roles ZSK and KSK. A key is active if it is signing but that differs per role. A ZSK is signing if its ZRRSIG state is in RUMOURED or OMNIPRESENT, a KSK is signing if its KRRSIG state is in RUMOURED or OMNIPRESENT. This means that a key can be actively signing for one role but not the other. Add checks in inline signing (zone.c and update.c) to cover the case where a CSK is active in its KSK role but not the ZSK role.
Showing with 56 additions and 16 deletions