...
 
Commits (2)
......@@ -942,16 +942,16 @@ check_dnssecstatus() {
else
grep "dnssec-policy: ${POLICY}" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "bad dnssec status for zone ${_zone}"
if [ "$(key_get KEY1 EXPECT)" = "yes" ]; then
grep "key: $(key_get KEY1 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY1 ID) from dnssec status"
grep "key: $(key_get KEY1 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY1 ID) from dnssec -status ${_zone}"
fi
if [ "$(key_get KEY2 EXPECT)" = "yes" ]; then
grep "key: $(key_get KEY2 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY2 ID) from dnssec status"
grep "key: $(key_get KEY2 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY2 ID) from dnssec -status ${_zone}"
fi
if [ "$(key_get KEY3 EXPECT)" = "yes" ]; then
grep "key: $(key_get KEY3 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY3 ID) from dnssec status"
grep "key: $(key_get KEY3 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY3 ID) from dnssec -status ${_zone}"
fi
if [ "$(key_get KEY4 EXPECT)" = "yes" ]; then
grep "key: $(key_get KEY4 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY4 ID) from dnssec status"
grep "key: $(key_get KEY4 ID)" rndc.dnssec.status.out.$_zone.$n > /dev/null || log_error "missing key $(key_get KEY4 ID) from dnssec -status ${_zone}"
fi
fi
......@@ -1370,8 +1370,8 @@ set_keytimes_algorithm_policy() {
# Second ZSK (KEY3).
created=$(key_get KEY3 CREATED)
set_keytime "KEY3" "PUBLISHED" "${published}"
set_keytime "KEY3" "ACTIVE" "${published}"
set_keytime "KEY3" "PUBLISHED" "${created}"
set_keytime "KEY3" "ACTIVE" "${created}"
# Key was pregenerated.
if [ "$1" == "pregenerated" ]; then
keyfile=$(key_get KEY3 BASEFILE)
......
......@@ -1975,7 +1975,6 @@ keystate_status(dst_key_t *key, isc_buffer_t *buf, const char *pre, int ks) {
void
dns_keymgr_status(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
isc_stdtime_t now, char *out, size_t out_len) {
isc_buffer_t buf;
char timestr[26]; /* Minimal buf as per ctime_r() spec. */
REQUIRE(DNS_KASP_VALID(kasp));
......@@ -1995,6 +1994,7 @@ dns_keymgr_status(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
{
char algstr[DNS_NAME_FORMATSIZE];
bool ksk = false, zsk = false;
isc_buffer_t buf;
if (dst_key_is_unused(dkey->key)) {
continue;
......