mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-10 10:11:39 -04:00
5e3aef364f
Track inside the dns_dnsseckey structure whether we have seen the
private key, or if this key only has a public key file.
If the key only has a public key file, or a DNSKEY reference in the
zone, mark the key 'pubkey'. In dnssec-signzone, if the key only
has a public key available, consider the key to be offline. Any
signatures that should be refreshed for which the key is not available,
retain the signature.
So in the code, 'expired' becomes 'refresh', and the new 'expired'
is only used to determine whether we need to keep the signature if
the corresponding key is not available (retaining the signature if
it is not expired).
In the 'keysthatsigned' function, we can remove:
- key->force_publish = false;
- key->force_sign = false;
because they are redundant ('dns_dnsseckey_create' already sets these
values to false).
|
||
|---|---|---|
| .. | ||
| dns | ||
| isc | ||
| isccc | ||
| isccfg | ||
| ns | ||
| .gitignore | ||
| Makefile.am | ||