- 21 Jun, 2018 4 commits
-
-
Evan Hunt authored
-
Ondřej Surý authored
Resolve "configure fails unless --enable-developer is specified" Closes #351 See merge request !391
-
Ondřej Surý authored
-
Ondřej Surý authored
-
- 20 Jun, 2018 5 commits
-
-
Ondřej Surý authored
Add cmocka support to infrastructure (build) files Closes #250 See merge request !369
-
Ondřej Surý authored
Add support for cmocka assert testing by overriding REQUIRE/INSIST/... macros when UNIT_TESTING is defined
-
Ondřej Surý authored
-
Ondřej Surý authored
-
Ondřej Surý authored
-
- 19 Jun, 2018 4 commits
-
-
Ondřej Surý authored
Check if gitlab exists in git-replay-merge.sh See merge request !388
-
Witold Krecicki authored
-
Mark Andrews authored
Merge branch '336-default-of-rrset-order-silently-changed-to-be-sorted-rather-than-random' into 'master' Resolve "Default of rrset-order silently changed to be sorted (rather than random)" Closes #336 See merge request !379
-
Mark Andrews authored
-
- 15 Jun, 2018 27 commits
-
-
Michał Kępień authored
Convert verifyzone() to a libdns function Closes #266 See merge request !291
-
Michał Kępień authored
4973. [func] verifyzone() and the functions it uses were moved to libdns and refactored to prevent exit() from being called upon failure. A side effect of that is that dnssec-signzone and dnssec-verify now check for memory leaks upon shutdown. [GL #266]
-
Michał Kępień authored
-
Michał Kępień authored
Where possible, apply the const qualifier to arguments of functions present in lib/dns/zoneverify.c.
-
Michał Kępień authored
Since exit() is no longer called upon any dns_zoneverify_dnssec() error, verification failures should be signalled to callers. Make dns_zoneverify_dnssec() return an isc_result_t and handle both success and error appropriately in bin/dnssec/dnssec-signzone.c and bin/dnssec/dnssec-verify.c. This enables memory leak detection during shutdown of these tools and causes dnssec-signzone to print signing statistics even when zone verification fails.
-
Michał Kępień authored
Since no function in lib/dns/zoneverify.c uses fatal() or check_result() any more, remove them.
-
Michał Kępień authored
Replace all fprintf() calls inside lib/dns/zoneverify.c, but outside of zoneverify_log_error() and zoneverify_print() with calls to these functions.
-
Michał Kępień authored
record_found() returns an isc_result_t, but its value is not checked. Modify the only call site of record_found() so that its errors are properly handled.
-
Michał Kępień authored
Replace the remaining fatal() calls inside dns_zoneverify_dnssec() with zoneverify_log_error() and zoneverify_print() calls, ensuring proper cleanup.
-
Michał Kępień authored
Replace the fprintf() call inside record_nsec3() with a zoneverify_log_error() call. Remove the "mctx" argument of record_nsec3() as it can be extracted from "vctx". Modify one of the record_nsec3() call sites so that its errors are properly handled.
-
Michał Kępień authored
Make match_nsec3() return the verification result through a separate pointer, thus making it possible to signal errors using function return value. Replace all check_result() and fprintf() calls inside match_nsec3() with zoneverify_log_error() calls and error handling code. Modify all call sites of match_nsec3() so that its errors are properly handled.
-
Michał Kępień authored
Replace all check_result() calls inside isoptout() with zoneverify_log_error() calls and error handling code. Enable isoptout() to signal errors to the caller using its return value. Modify the call site of isoptout() so that its errors are properly handled.
-
Michał Kępień authored
Make verifynsec3(), verifynsec3s(), and verifyemptynodes() return the verification result through a separate pointer, thus making it possible to signal errors using function return values. Replace all check_result() and fprintf() calls inside these functions with zoneverify_log_error() calls and error handling code. Modify all call sites of verifynsec3(), verifynsec3s(), and verifyemptynodes() so that their errors are properly handled.
-
Michał Kępień authored
Make verifynsec() return the verification result through a separate pointer, thus making it possible to signal errors using function return value. Replace all check_result() and fprintf() calls inside verifynsec() with zoneverify_log_error() calls and error handling code. Modify the call site of verifynsec() so that its errors are properly handled. Rename "tresult" to "tvresult" in order to improve variable naming consistency between functions.
-
Michał Kępień authored
Replace all check_result() and fprintf() calls inside check_no_rrsig() with zoneverify_log_error() calls and error handling code. Enable check_no_rrsig() to signal errors to the caller using its return value. Modify the call site of check_no_rrsig() so that its errors are properly handled. Define buffer size using a named constant rather than a plain integer.
-
Michał Kępień authored
Replace all check_result() and fprintf() calls inside verifyset() with zoneverify_log_error() calls and error handling code. Enable verifyset() to signal errors to the caller using its return value. Modify the call site of verifyset() so that its errors are properly handled. Define buffer sizes using named constants rather than plain integers.
-
Michał Kępień authored
Make verifynode() return the verification result through a separate pointer, thus making it possible to signal errors using function return value. Replace all fatal() and check_result() calls inside verifynode() with zoneverify_log_error() calls and error handling code. Add a REQUIRE assertion to emphasize verifynode() may be called with some of its arguments set to NULL. Modify all call sites of verifynode() so that its errors are properly handled.
-
Michał Kępień authored
Replace the check_result() call inside is_empty() with a zoneverify_log_error() call and error handling code. Enable is_empty() to signal errors to the caller using its return value. Modify the call site of is_empty() so that its errors are properly handled.
-
Michał Kępień authored
Replace the fatal() call inside check_no_nsec() with a zoneverify_log_error() call. Enable check_no_nsec() to signal errors to the caller using its return value. Modify all call sites of check_no_nsec() so that its errors are properly handled.
-
Michał Kępień authored
Replace all fatal(), check_result(), and check_dns_dbiterator_current() calls inside verify_nodes() with zoneverify_log_error() calls and error handling code. Enable verify_nodes() to signal errors to the caller using its return value. Modify the call site of verify_nodes() so that its errors are properly handled. Free all heap elements upon verification context cleanup as a verification error may prevent them from being freed elsewhere. Remove the check_dns_dbiterator_current() macro as it is no longer used anywhere in lib/dns/zoneverify.c.
-
Michał Kępień authored
Replace all fatal() and fprintf() calls inside check_bad_algorithms() with zoneverify_print() calls and error handling code. Enable check_bad_algorithms() to signal errors to the caller using its return value. Modify the call site of check_bad_algorithms() so that its errors are properly handled.
-
Michał Kępień authored
Replace all fatal() and check_result() calls inside check_dnskey() with zoneverify_log_error() calls and error handling code. Enable check_dnskey() to signal errors to the caller using its return value. Modify the call site of check_dnskey() so that its errors are properly handled.
-
Michał Kępień authored
Replace all fatal() calls inside check_apex_rrsets() with zoneverify_log_error() calls and error handling code. Enable check_apex_rrsets() to signal errors to the caller using its return value. Modify the call site of check_apex_rrsets() so that its errors are properly handled.
-
Michał Kępień authored
Replace calls to check_result() with RUNTIME_CHECK assertions for all dns_rdata_tostruct() calls in lib/dns/zoneverify.c as this function cannot fail when the "mctx" argument is NULL (and that is the case for all call sites of this function throughout lib/dns/zoneverify.c).
-
Michał Kępień authored
Extract the part of dns_zoneverify_dnssec() responsible for printing a summary for a fully signed zone to a separate function.
-
Michał Kępień authored
Extract the part of dns_zoneverify_dnssec() responsible for checking whether the zone is fully signed using all active algorithms to a separate function.
-
Michał Kępień authored
Extract the part of dns_zoneverify_dnssec() responsible for verifying DNSSEC signatures against the DNSKEY RRset at zone apex and checking consistency of NSEC/NSEC3 chains to a separate function.
-