1. 21 Jun, 2018 1 commit
  2. 15 Jun, 2018 5 commits
    • Michał Kępień's avatar
      Propagate dns_zoneverify_dnssec() errors to callers · 24bca1c4
      Michał Kępień authored
      Since exit() is no longer called upon any dns_zoneverify_dnssec() error,
      verification failures should be signalled to callers.  Make
      dns_zoneverify_dnssec() return an isc_result_t and handle both success
      and error appropriately in bin/dnssec/dnssec-signzone.c and
      bin/dnssec/dnssec-verify.c.  This enables memory leak detection during
      shutdown of these tools and causes dnssec-signzone to print signing
      statistics even when zone verification fails.
      24bca1c4
    • Michał Kępień's avatar
      Implement zoneverify_log_error() and zoneverify_print() · d949a5d8
      Michał Kępień authored
      These functions will be used in the process of replacing fatal(),
      check_result(), and fprintf() calls throughout lib/dns/zoneverify.c with
      code that does not call exit().  They are intended for:
      
        - zoneverify_log_error(): logging problems encountered while
          performing zone verification,
      
        - zoneverify_print(): printing status messages and reports which are
          only useful in standalone tools.
      
      To make using dns_zone_logv() possible, add a new "zone" argument to
      dns_zoneverify_dnssec() that standalone tools are expected to set to
      NULL.
      d949a5d8
    • Michał Kępień's avatar
      Rename verifyzone() to dns_zoneverify_dnssec() · 7554e8d2
      Michał Kępień authored
      This makes the function's name match the naming convention used for
      libdns functions.
      7554e8d2
    • Michał Kępień's avatar
      Move verifyzone() and its dependencies into lib/dns/zoneverify.c · 3a14450d
      Michał Kępień authored
      This commit only moves code around, with the following exceptions:
      
        - the check_dns_dbiterator_current() macro and functions
          is_delegation() and has_dname() were removed from
          bin/dnssec/dnssectool.{c,h} and duplicated in two locations:
          bin/dnssec/dnssec-signzone.c and lib/dns/zoneverify.c; these
          functions are used both by the code in bin/dnssec/dnssec-signzone.c
          and verifyzone(), but are not a good fit for being exported by a
          code module responsible for zone verification,
      
        - fatal() and check_result() were duplicated in lib/dns/zoneverify.c
          as static functions which do not use the "program" variable any more
          (as it is only set by the tools in bin/dnssec/); this is a temporary
          step which only aims to prevent compilation from breaking - these
          duplicate functions will be removed once lib/dns/zoneverify.c is
          refactored not to use them,
      
        - the list of header files included by lib/dns/zoneverify.c was
          expanded to encompass all header files that are actually used by the
          code in that file,
      
        - a description of the purpose of the commented out "fields" inside
          struct nsec3_chain_fixed was added.
      3a14450d
    • Michał Kępień's avatar
      Replace type_format() and TYPE_FORMATSIZE with their libdns counterparts · ffe8ddd9
      Michał Kępień authored
      Rather than use custom functions and macros local to bin/dnssec/, use
      their counterparts provided by libdns.
      ffe8ddd9
  3. 13 Jun, 2018 2 commits
  4. 05 Jun, 2018 1 commit
  5. 22 May, 2018 1 commit
    • Ondřej Surý's avatar
      address win32 build issues · 7ee8a7e6
      Ondřej Surý authored
      - Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
        HAVE_OPENSSL/HAVE_PKCS11
      - Don't enforce the crypto provider from platform.h, just from dst_api.c
        and configure scripts
      7ee8a7e6
  6. 21 May, 2018 1 commit
  7. 16 May, 2018 3 commits
  8. 11 May, 2018 1 commit
  9. 03 May, 2018 1 commit
  10. 09 Apr, 2018 1 commit
    • Michał Kępień's avatar
      Use dns_fixedname_initname() where possible · 4df4a8e7
      Michał Kępień authored
      Replace dns_fixedname_init() calls followed by dns_fixedname_name()
      calls with calls to dns_fixedname_initname() where it is possible
      without affecting current behavior and/or performance.
      
      This patch was mostly prepared using Coccinelle and the following
      semantic patch:
      
          @@
          expression fixedname, name;
          @@
          -	dns_fixedname_init(&fixedname);
          	...
          -	name = dns_fixedname_name(&fixedname);
          +	name = dns_fixedname_initname(&fixedname);
      
      The resulting set of changes was then manually reviewed to exclude false
      positives and apply minor tweaks.
      
      It is likely that more occurrences of this pattern can be refactored in
      an identical way.  This commit only takes care of the low-hanging fruit.
      4df4a8e7
  11. 06 Apr, 2018 4 commits
  12. 04 Apr, 2018 1 commit
  13. 16 Mar, 2018 1 commit
  14. 23 Feb, 2018 1 commit
  15. 15 Feb, 2018 2 commits
  16. 31 Jan, 2018 2 commits
  17. 26 Jan, 2018 1 commit
  18. 25 Jan, 2018 2 commits
  19. 20 Jan, 2018 1 commit
  20. 19 Jan, 2018 2 commits
  21. 17 Jan, 2018 2 commits
  22. 22 Dec, 2017 1 commit
  23. 07 Dec, 2017 1 commit
  24. 01 Nov, 2017 1 commit
  25. 31 Oct, 2017 1 commit