[Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r6071 - in branches/OpenDNSSEC-enforcer-ng: conf enforcer-ng/src/hsmkey

rickard at opendnssec.org rickard at opendnssec.org
Tue Jan 17 15:34:38 CET 2012


Author: rb
Date: 2012-01-17 15:34:37 +0100 (Tue, 17 Jan 2012)
New Revision: 6071

Modified:
   branches/OpenDNSSEC-enforcer-ng/conf/conf.xml.in
   branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp
Log:
This value was configurable. Lets use that so that we do not generate thousands of keys.


Modified: branches/OpenDNSSEC-enforcer-ng/conf/conf.xml.in
===================================================================
--- branches/OpenDNSSEC-enforcer-ng/conf/conf.xml.in	2012-01-17 10:21:00 UTC (rev 6070)
+++ branches/OpenDNSSEC-enforcer-ng/conf/conf.xml.in	2012-01-17 14:34:37 UTC (rev 6071)
@@ -46,6 +46,7 @@
 		<Datastore><SQLite>@OPENDNSSEC_STATE_DIR@/kasp.db</SQLite></Datastore>
 		<Interval>PT3600S</Interval>
 		<!-- <ManualKeyGeneration/> -->
+		<AutomaticKeyGenerationPeriod>P1Y</AutomaticKeyGenerationPeriod>
 		<!-- <RolloverNotification>P14D</RolloverNotification> -->
 		
 		<!-- the <DelegationSignerSubmitCommand> will get all current

Modified: branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp
===================================================================
--- branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp	2012-01-17 10:21:00 UTC (rev 6070)
+++ branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp	2012-01-17 14:34:37 UTC (rev 6071)
@@ -427,14 +427,14 @@
     }
 }
 
-static task_type * 
+static task_type *
 hsmkey_gen_task_perform(task_type *task)
 {
-	// by default pre-generate keys for all zones to last for a year.
-	time_t year = 365 * 24 * 3600;
-    perform_hsmkey_gen(-1, (engineconfig_type *)task->context, 0, year);
-    task_cleanup(task);
-    return NULL;
+	engineconfig_type *config = (engineconfig_type *)task->context;
+	time_t duration = config->automatic_keygen_duration;
+	perform_hsmkey_gen(-1, config, 0, duration);
+	task_cleanup(task);
+	return NULL;
 }
 
 task_type *




More information about the Opendnssec-commits mailing list