[Opendnssec-develop] DateTime::Duration
Rickard Bondesson
rickard.bondesson at iis.se
Wed Jun 10 13:32:26 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi
All of our times in the configurations are positive, except in one case: <InceptionOffset>-PT300S</InceptionOffset>
The reason this duration is negative is because we want the signatures to be valid before the current time when signing.
But the kaspimport can not save negative numbers in the database. This fix would correct that problem if added to the duration2sec function:
*****
if ( $d->is_negative ) {
$sec = $sec * -1;
}
*****
The next problem is when generating the zone config. All output from the communicated to the XML is in the format "PTxxxS", where xxx is pure integer. This means that there must be checks for negative numbers in communicated so that we use the format "-PTxxxS".
The best solution would to only use positive durations in the config files and let the Signer Engine subtract the duration in this single case.
Any comments?
We need a fix because current code will not generate valid signatures (but they are valid 5 minutes later in this case).
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSi+16uCjgaNTdVjaAQj+mAf/chY04FpKrHulf02IGHXRgRafK29Oh5hS
jiShKZ6RL8nzH6+MEhmywdG27efHEi2i5l5Ilrmovh9hFih0cSr08BjkMtLOJor4
j90DE5JnLVZvi1+6c+bOvEpUyC/90tpRGMX9/nl5yzgfQFHhfQNO/HF0/eHFGjns
1M3HBidwZdsTB1CF52pU+kSGZ5DepsB69LCWfV4qKFsFJFB4Fw7Cvn67Ys8K1vxA
8rg8cxKSd0ORmaZiYURJIjDj8/yGJUj7knwVlrd0K0I5dolSUt41xz+tFc6fG89V
o2rzQ46kiDbDSQHJ3KMqJia/msWhbOQ8VcXProw4+9dTuTXp+pZeww==
=lw7J
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list