Commit 00a84566 authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'sign_fix_critical' into 'master'

dnssec: fixed signing by KSK in ready state

See merge request !755
parents 03316014 422a0384
......@@ -331,7 +331,8 @@ static int prepare_and_check_keys(const knot_dname_t *zone_name, bool nsec3_enab
if (key->is_ksk && (key->is_ready || key->is_active)) {
u->is_ksk_active = true;
}
if (key->is_zsk && key->is_active) {
if (key->is_zsk && (key->is_active ||
(key->is_ksk && key->is_ready))) {
u->is_zsk_active = true;
}
}
......
......@@ -258,7 +258,7 @@ static int remove_expired_rrsigs(const knot_rrset_t *covered,
int endloop = 0; // 1 - continue; 2 - break
dynarray_foreach(keyptr, zone_key_t *, key, keys) {
if (!(*key)->is_active) {
if (!(*key)->is_active && !(*key)->is_ready) {
continue;
}
result = knot_check_signature(covered, &synth_rrsig, i,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment