[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3770 - trunk/OpenDNSSEC/signer/src/signer

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Aug 24 12:27:36 CEST 2010


Author: matthijs
Date: 2010-08-24 12:27:36 +0200 (Tue, 24 Aug 2010)
New Revision: 3770

Modified:
   trunk/OpenDNSSEC/signer/src/signer/rrset.c
   trunk/OpenDNSSEC/signer/src/signer/zonedata.c
Log:
debug prints for signature lifetimes

Modified: trunk/OpenDNSSEC/signer/src/signer/rrset.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-08-23 11:25:38 UTC (rev 3769)
+++ trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-08-24 10:27:36 UTC (rev 3770)
@@ -454,6 +454,27 @@
     } else {
         validity = duration2time(sc->sig_validity_default);
     }
+
+    /**
+     * Additional chheck for signature lifetimes.
+     */
+    if (((validity + offset + random_jitter) - jitter) <
+        ((validity + offset) - jitter) ) {
+        se_log_error("signature validity %u too low, should be at least %u",
+            ((validity + offset + random_jitter) - jitter),
+            ((validity + offset) - jitter));
+    } else if (((validity + offset + random_jitter) - jitter) >
+               ((validity + offset) + jitter) ) {
+        se_log_error("signature validity %u too high, should be at most %u",
+            ((validity + offset + random_jitter) - jitter),
+            ((validity + offset) + jitter));
+    } else {
+        se_log_debug("signature validity %u in range [%u - %u]",
+            ((validity + offset + random_jitter) - jitter),
+            ((validity + offset) - jitter),
+            ((validity + offset) + jitter));
+    }
+
     *inception = signtime - offset;
     *expiration = signtime + validity - jitter + random_jitter;
     return;

Modified: trunk/OpenDNSSEC/signer/src/signer/zonedata.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-08-23 11:25:38 UTC (rev 3769)
+++ trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-08-24 10:27:36 UTC (rev 3770)
@@ -779,6 +779,11 @@
         return 2;
     }
 
+    se_log_debug("rrsig timers: offset=%u jitter=%u validity=%u",
+        duration2time(sc->sig_inception_offset),
+        duration2time(sc->sig_jitter),
+        duration2time(sc->sig_validity_denial));
+
     node = ldns_rbtree_first(zd->domains);
     while (node && node != LDNS_RBTREE_NULL) {
         domain = (domain_type*) node->data;




More information about the Opendnssec-commits mailing list