Commit f77148e0 authored by Francis Dupont's avatar Francis Dupont

a KSK revoked by named could not be deleted. [RT #20881]

parent b3990d04
2838. [bug] A KSK revoked by named could not be deleted.
[RT #20881]
2837. [port] Prevent Linux spurious warnings about fwrite().
[RT #20812]
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.117 2009/12/18 23:49:03 tbox Exp $
* $Id: dnssec.c,v 1.118 2010/01/13 08:35:24 fdupont Exp $
*/
/*! \file */
......@@ -1449,6 +1449,33 @@ dns_dnssec_keylistfromrdataset(dns_name_t *origin,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
directory, mctx, &privkey);
/*
* If the key was revoked and the private file
* doesn't exist, maybe it was revoked internally
* by named. Try loading the unrevoked version.
*/
if (result == ISC_R_FILENOTFOUND) {
isc_uint32_t flags;
flags = dst_key_flags(pubkey);
if ((flags & DNS_KEYFLAG_REVOKE) != 0) {
dst_key_setflags(pubkey,
flags & ~DNS_KEYFLAG_REVOKE);
result = dst_key_fromfile(dst_key_name(pubkey),
dst_key_id(pubkey),
dst_key_alg(pubkey),
DST_TYPE_PUBLIC|
DST_TYPE_PRIVATE,
directory,
mctx, &privkey);
if (result == ISC_R_SUCCESS &&
dst_key_pubcompare(pubkey, privkey,
ISC_FALSE)) {
dst_key_setflags(privkey, flags);
}
dst_key_setflags(pubkey, flags);
}
}
if (result != ISC_R_SUCCESS) {
char keybuf[DNS_NAME_FORMATSIZE];
char algbuf[DNS_SECALG_FORMATSIZE];
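Review bot: In the retry path, a key file that loads successfully but fails `dst_key_pubcompare()` is still accepted: `result` stays `ISC_R_SUCCESS`, so `privkey` passes the `if (result != ISC_R_SUCCESS)` check although its public half does not match the DNSKEY being processed. Unless code outside this hunk re-validates the pair, a file that merely shares the name, id and algorithm would then be used as the private key for this record, and without the REVOKE flag restored on it. I would treat a mismatch as a failed load, for example by adding `else if (result == ISC_R_SUCCESS) { dst_key_free(&privkey); result = ISC_R_FILENOTFOUND; }` after the compare, so the existing error branch reports it. The second `dst_key_fromfile()` call also deserves a short comment saying that it presumably relies on `dst_key_setflags()` changing the value `dst_key_id(pubkey)` returns; that is not visible here. The enclosing function begins and ends outside the hunk.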
......