mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-27 20:11:12 -05:00
76cf72e65a
The 'key_init()' function is used to initialize a state file for keys that don't have one yet. This can happen if you are migrating from a 'auto-dnssec' or 'inline-signing' to a 'dnssec-policy' configuration. It did not look at the "Inactive" and "Delete" timing metadata and so old keys left behind in the key directory would also be considered as a possible active key. This commit fixes this and now explicitly sets the key goal to OMNIPRESENT for keys that have their "Active/Publish" timing metadata in the past, but their "Inactive/Delete" timing metadata in the future. If the "Inactive/Delete" timing metadata is also in the past, the key goal is set to HIDDEN. If the "Inactive/Delete" timing metadata is in the past, also the key states are adjusted to either UNRETENTIVE or HIDDEN, depending on how far in the past the metadata is set. |
||
|---|---|---|
| .. | ||
| arm | ||
| design | ||
| dev | ||
| dnssec-guide | ||
| doxygen | ||
| man | ||
| misc | ||
| notes | ||
| Makefile.am | ||