[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3822 - trunk/OpenDNSSEC/signer/src/signer

Matthijs Mekking matthijs at nlnetlabs.nl
Fri Aug 27 12:27:42 CEST 2010


Author: matthijs
Date: 2010-08-27 12:27:42 +0200 (Fri, 27 Aug 2010)
New Revision: 3822

Modified:
   trunk/OpenDNSSEC/signer/src/signer/rrset.c
Log:
Also don't refresh signatures whose inception time has not yet passed

Modified: trunk/OpenDNSSEC/signer/src/signer/rrset.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-08-27 09:59:13 UTC (rev 3821)
+++ trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-08-27 10:27:42 UTC (rev 3822)
@@ -379,6 +379,7 @@
     ldns_dnssec_rrs* prev_rrs = NULL;
     uint32_t refresh = 0;
     uint32_t expiration = 0;
+    uint32_t inception = 0;
 
     if (rrset->drop_signatures) {
         se_log_debug("drop signatures for RRset[%i]", rrset->rr_type);
@@ -400,8 +401,9 @@
     rrs = rrset->rrsigs;
     while (rrs) {
         expiration = ldns_rdf2native_int32(ldns_rr_rrsig_expiration(rrs->rr));
+        inception = ldns_rdf2native_int32(ldns_rr_rrsig_inception(rrs->rr));
 
-        if (!refresh || expiration < refresh) {
+        if (!refresh || expiration < refresh || inception > signtime) {
             /* this is it */
             se_log_debug("refresh signature for RRset[%i] (refresh=%u, "
                 "expiration=%u)", rrset->rr_type, refresh, expiration);
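Review bot: The `se_log_debug` call right after the new condition still prints only `refresh` and `expiration`, so a signature selected by the added `inception > signtime` clause is logged with values that do not explain why it was picked; extending the message, e.g. `"expiration=%u, inception=%u)", rrset->rr_type, refresh, expiration, inception);`, would make the trail usable when diagnosing not-yet-valid signatures. The commit log says such signatures are not refreshed, while the clause routes them into the branch labelled "refresh signature", so a short comment such as `/* inception lies in the future: signature is not valid yet, do not keep it */` would remove the ambiguity (the branch body lies outside the hunk, so that reading should be confirmed). Both timestamps are compared as plain `uint32_t`, whereas RFC 4034 section 3.1.5 requires RRSIG inception and expiration to be compared with serial number arithmetic. `signtime` is declared outside the hunk, so its type and the implicit conversion in the comparison are worth checking.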
@@ -456,7 +458,7 @@
     }
 
     /**
-     * Additional chheck for signature lifetimes.
+     * Additional check for signature lifetimes.
      */
     if (((validity + offset + random_jitter) - jitter) <
         ((validity + offset) - jitter) ) {



