GitLab

Resolve "configure fails unless --enable-developer is specified"

Closes #351

See merge request !391

Add cmocka support to infrastructure (build) files

Closes #250

See merge request !369

Add support for cmocka assert testing by overriding REQUIRE/INSIST/... macros when UNIT_TESTING is defined

Check if gitlab exists in git-replay-merge.sh

See merge request !388

Merge branch '336-default-of-rrset-order-silently-changed-to-be-sorted-rather-than-random' into 'master'

Resolve "Default of rrset-order silently changed to be sorted (rather than random)"

Closes #336

See merge request !379

Convert verifyzone() to a libdns function

Closes #266

See merge request !291

4973.	[func]		verifyzone() and the functions it uses were moved to
			libdns and refactored to prevent exit() from being
			called upon failure.  A side effect of that is that
			dnssec-signzone and dnssec-verify now check for memory
			leaks upon shutdown. [GL #266]

Where possible, apply the const qualifier to arguments of functions
present in lib/dns/zoneverify.c.

Since exit() is no longer called upon any dns_zoneverify_dnssec() error,
verification failures should be signalled to callers.  Make
dns_zoneverify_dnssec() return an isc_result_t and handle both success
and error appropriately in bin/dnssec/dnssec-signzone.c and
bin/dnssec/dnssec-verify.c.  This enables memory leak detection during
shutdown of these tools and causes dnssec-signzone to print signing
statistics even when zone verification fails.

Since no function in lib/dns/zoneverify.c uses fatal() or check_result()
any more, remove them.

Replace all fprintf() calls inside lib/dns/zoneverify.c, but outside of
zoneverify_log_error() and zoneverify_print() with calls to these
functions.

record_found() returns an isc_result_t, but its value is not checked.
Modify the only call site of record_found() so that its errors are
properly handled.

Replace the remaining fatal() calls inside dns_zoneverify_dnssec() with
zoneverify_log_error() and zoneverify_print() calls, ensuring proper
cleanup.

Replace the fprintf() call inside record_nsec3() with a
zoneverify_log_error() call.  Remove the "mctx" argument of
record_nsec3() as it can be extracted from "vctx".

Modify one of the record_nsec3() call sites so that its errors are
properly handled.

Make match_nsec3() return the verification result through a separate
pointer, thus making it possible to signal errors using function
return value.  Replace all check_result() and fprintf() calls inside
match_nsec3() with zoneverify_log_error() calls and error handling code.

Modify all call sites of match_nsec3() so that its errors are properly
handled.

Replace all check_result() calls inside isoptout() with
zoneverify_log_error() calls and error handling code.  Enable isoptout()
to signal errors to the caller using its return value.

Modify the call site of isoptout() so that its errors are properly
handled.

Make verifynsec3(), verifynsec3s(), and verifyemptynodes() return the
verification result through a separate pointer, thus making it possible
to signal errors using function return values.  Replace all
check_result() and fprintf() calls inside these functions with
zoneverify_log_error() calls and error handling code.

Modify all call sites of verifynsec3(), verifynsec3s(), and
verifyemptynodes() so that their errors are properly handled.

Make verifynsec() return the verification result through a separate
pointer, thus making it possible to signal errors using function
return value.  Replace all check_result() and fprintf() calls inside
verifynsec() with zoneverify_log_error() calls and error handling code.

Modify the call site of verifynsec() so that its errors are properly
handled.

Rename "tresult" to "tvresult" in order to improve variable naming
consistency between functions.

Replace all check_result() and fprintf() calls inside check_no_rrsig()
with zoneverify_log_error() calls and error handling code.  Enable
check_no_rrsig() to signal errors to the caller using its return
value.

Modify the call site of check_no_rrsig() so that its errors are properly
handled.

Define buffer size using a named constant rather than a plain integer.

Replace all check_result() and fprintf() calls inside verifyset() with
zoneverify_log_error() calls and error handling code.  Enable
verifyset() to signal errors to the caller using its return value.

Modify the call site of verifyset() so that its errors are properly
handled.

Define buffer sizes using named constants rather than plain integers.

Make verifynode() return the verification result through a separate
pointer, thus making it possible to signal errors using function
return value.  Replace all fatal() and check_result() calls inside
verifynode() with zoneverify_log_error() calls and error handling code.
Add a REQUIRE assertion to emphasize verifynode() may be called with
some of its arguments set to NULL.

Modify all call sites of verifynode() so that its errors are properly
handled.

Replace the check_result() call inside is_empty() with a
zoneverify_log_error() call and error handling code.  Enable is_empty()
to signal errors to the caller using its return value.

Modify the call site of is_empty() so that its errors are properly
handled.

Replace the fatal() call inside check_no_nsec() with a
zoneverify_log_error() call.  Enable check_no_nsec() to signal errors to
the caller using its return value.

Modify all call sites of check_no_nsec() so that its errors are properly
handled.

Replace all fatal(), check_result(), and check_dns_dbiterator_current()
calls inside verify_nodes() with zoneverify_log_error() calls and error
handling code.  Enable verify_nodes() to signal errors to the caller
using its return value.

Modify the call site of verify_nodes() so that its errors are properly
handled.

Free all heap elements upon verification context cleanup as a
verification error may prevent them from being freed elsewhere.

Remove the check_dns_dbiterator_current() macro as it is no longer used
anywhere in lib/dns/zoneverify.c.

Replace all fatal() and fprintf() calls inside check_bad_algorithms()
with zoneverify_print() calls and error handling code.  Enable
check_bad_algorithms() to signal errors to the caller using its return
value.

Modify the call site of check_bad_algorithms() so that its errors are
properly handled.

Replace all fatal() and check_result() calls inside check_dnskey() with
zoneverify_log_error() calls and error handling code.  Enable
check_dnskey() to signal errors to the caller using its return value.

Modify the call site of check_dnskey() so that its errors are properly
handled.

Replace all fatal() calls inside check_apex_rrsets() with
zoneverify_log_error() calls and error handling code.  Enable
check_apex_rrsets() to signal errors to the caller using its return
value.

Modify the call site of check_apex_rrsets() so that its errors are
properly handled.

Replace calls to check_result() with RUNTIME_CHECK assertions for all
dns_rdata_tostruct() calls in lib/dns/zoneverify.c as this function
cannot fail when the "mctx" argument is NULL (and that is the case for
all call sites of this function throughout lib/dns/zoneverify.c).

Extract the part of dns_zoneverify_dnssec() responsible for printing a
summary for a fully signed zone to a separate function.

Extract the part of dns_zoneverify_dnssec() responsible for checking
whether the zone is fully signed using all active algorithms to a
separate function.

Extract the part of dns_zoneverify_dnssec() responsible for verifying
DNSSEC signatures against the DNSKEY RRset at zone apex and checking
consistency of NSEC/NSEC3 chains to a separate function.