[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4064 - trunk/OpenDNSSEC/signer/src/signer

Matthijs Mekking matthijs at nlnetlabs.nl
Wed Oct 6 16:03:19 CEST 2010


Author: matthijs
Date: 2010-10-06 16:03:19 +0200 (Wed, 06 Oct 2010)
New Revision: 4064

Modified:
   trunk/OpenDNSSEC/signer/src/signer/rrset.c
Log:
remove signed_with variable



Modified: trunk/OpenDNSSEC/signer/src/signer/rrset.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-10-06 13:27:14 UTC (rev 4063)
+++ trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-10-06 14:03:19 UTC (rev 4064)
@@ -642,7 +642,6 @@
     signconf_type* sc, time_t signtime, uint32_t serial, stats_type* stats)
 {
     int error = 0;
-    uint8_t signed_with = 0;
     uint32_t newsigs = 0;
     uint32_t reusedsigs = 0;
     ldns_rr* rrsig = NULL;
@@ -678,17 +677,24 @@
         key = sc->keys->first_key;
         while (key) {
             /* ksk or zsk ? */
-            if ((!key->zsk && rrset->rr_type != LDNS_RR_TYPE_DNSKEY) ||
-                (!key->ksk && rrset->rr_type == LDNS_RR_TYPE_DNSKEY)) {
+            if (!key->zsk && rrset->rr_type != LDNS_RR_TYPE_DNSKEY) {
+                se_log_deeebug("skipping key %s for signing RRset[%i]: no "
+                    "active ZSK", key->locator, rrset->rr_type);
                 key = key->next;
                 continue;
             }
 
+            if (!key->ksk && rrset->rr_type == LDNS_RR_TYPE_DNSKEY) {
+                se_log_deeebug("skipping key %s for signing RRset[DNSKEY]: no "
+                    "active KSK", key->locator);
+                key = key->next;
+                continue;
+            }
+
             /* is there a signature with this algorithm already? */
-            if (signed_with != key->algorithm ||
-                rrset_signed_with_algorithm(rrset, key->algorithm)) {
-
-                signed_with = key->algorithm;
+            if (rrset_signed_with_algorithm(rrset, key->algorithm)) {
+                se_log_debug("skipping key %s for signing: RRset[%i] already "
+                    "has signature with same algorithm", key->locator);
                 key = key->next;
                 continue;
             }
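Review bot: The `se_log_debug` call added in the same-algorithm branch has a format string with two conversions (`%s` and `%i`) but passes only `key->locator`, so `%i` reads a variadic argument that was never supplied, which is undefined behaviour in the signer whenever this message is formatted. Pass the type as the other new messages do: `"has signature with same algorithm", key->locator, rrset->rr_type);`. This call also uses `se_log_debug` while every other message added in this commit uses `se_log_deeebug`; if that is not intentional, use the same level. If the logging functions are not already declared with a printf format attribute (their declarations are not visible here), adding one would let `-Wformat` catch this class of mistake. The enclosing function starts and ends outside the hunk.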
@@ -699,6 +705,8 @@
              */
 
             /* sign the RRset with current key */
+            se_log_deeebug("signing RRset[%i] with key %s",
+                rrset->rr_type, key->locator);
             rrsig = hsm_sign_rrset_with_key(ctx, owner, key, rr_list,
                  inception, expiration);
             if (!rrsig) {
@@ -709,6 +717,9 @@
                 return 1;
             }
             /* add the signature to the set of new signatures */
+            se_log_deeebug("new signature created for RRset[%i]",
+                rrset->rr_type);
+            rrset_log_rr(rrsig, "+RRSIG", 6);
             error = rrsigs_add_sig(new_rrsigs, rrsig, key->locator,
                 key->flags);
             if (error) {
@@ -727,6 +738,9 @@
         walk_rrsigs = new_rrsigs;
         while (walk_rrsigs) {
             if (walk_rrsigs->rr) {
+                se_log_deeebug("adding signature to RRset[%i]",
+                    rrset->rr_type);
+                rrset_log_rr(rrsig, "+RRSIG", 6);
                 error = rrsigs_add_sig(rrset->rrsigs,
                     ldns_rr_clone(walk_rrsigs->rr),
                     walk_rrsigs->key_locator, walk_rrsigs->key_flags);
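Review bot: The added `rrset_log_rr(rrsig, "+RRSIG", 6);` inside the `walk_rrsigs` loop logs `rrsig`, the variable left over from the key loop, not the entry being added, so each iteration would log the same record rather than the one passed to `rrsigs_add_sig`. `rrsig` is initialised to NULL at the top of the function, and whether it is still non-NULL and valid at this point depends on code and on ownership rules of `rrsigs_add_sig` that are outside the hunk. The record being added is `walk_rrsigs->rr`, so the call should be `rrset_log_rr(walk_rrsigs->rr, "+RRSIG", 6);`, or the line can be dropped, since the next hunk shows that same call already made after a successful add.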
@@ -741,6 +755,8 @@
                 rrset->rrsig_count += 1;
                 rrset_log_rr(walk_rrsigs->rr, "+RRSIG", 6);
                 newsigs++;
+            } else {
+                se_log_deeebug("signature set is missing RRSIG record");
             }
             walk_rrsigs = walk_rrsigs->next;
         }



