Commit a15583c6 authored by Brian Wellington's avatar Brian Wellington
Browse files

Conform to the dns_dnssec_verify api change

parent 48e27f52
...@@ -172,18 +172,12 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, ...@@ -172,18 +172,12 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
check_result(result, "dns_dnssec_sign()"); check_result(result, "dns_dnssec_sign()");
if (tryverify != 0) { if (tryverify != 0) {
isc_stdtime_t current; result = dns_dnssec_verify(name, rdataset, key,
isc_stdtime_get(&current); ISC_TRUE, mctx, rdata);
if (current >= starttime && current < endtime) {
result = dns_dnssec_verify(name, rdataset, key, mctx,
rdata);
if (result == ISC_R_SUCCESS) if (result == ISC_R_SUCCESS)
vbprintf(3, "\tsignature verified\n"); vbprintf(3, "\tsignature verified\n");
else else
vbprintf(3, "\tsignature failed to verify\n"); vbprintf(3, "\tsignature failed to verify\n");
}
else
vbprintf(3, "\tsignature is not currently valid\n");
} }
} }
...@@ -284,7 +278,8 @@ static inline isc_boolean_t ...@@ -284,7 +278,8 @@ static inline isc_boolean_t
setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key, setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key,
dns_rdata_t *sig) dns_rdata_t *sig)
{ {
isc_result_t result = dns_dnssec_verify(name, set, key->key, mctx, sig); isc_result_t result;
result = dns_dnssec_verify(name, set, key->key, ISC_FALSE, mctx, sig);
return (ISC_TF(result == ISC_R_SUCCESS)); return (ISC_TF(result == ISC_R_SUCCESS));
} }
......
...@@ -172,18 +172,12 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, ...@@ -172,18 +172,12 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
check_result(result, "dns_dnssec_sign()"); check_result(result, "dns_dnssec_sign()");
if (tryverify != 0) { if (tryverify != 0) {
isc_stdtime_t current; result = dns_dnssec_verify(name, rdataset, key,
isc_stdtime_get(&current); ISC_TRUE, mctx, rdata);
if (current >= starttime && current < endtime) {
result = dns_dnssec_verify(name, rdataset, key, mctx,
rdata);
if (result == ISC_R_SUCCESS) if (result == ISC_R_SUCCESS)
vbprintf(3, "\tsignature verified\n"); vbprintf(3, "\tsignature verified\n");
else else
vbprintf(3, "\tsignature failed to verify\n"); vbprintf(3, "\tsignature failed to verify\n");
}
else
vbprintf(3, "\tsignature is not currently valid\n");
} }
} }
...@@ -284,7 +278,8 @@ static inline isc_boolean_t ...@@ -284,7 +278,8 @@ static inline isc_boolean_t
setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key, setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key,
dns_rdata_t *sig) dns_rdata_t *sig)
{ {
isc_result_t result = dns_dnssec_verify(name, set, key->key, mctx, sig); isc_result_t result;
result = dns_dnssec_verify(name, set, key->key, ISC_FALSE, mctx, sig);
return (ISC_TF(result == ISC_R_SUCCESS)); return (ISC_TF(result == ISC_R_SUCCESS));
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment