Commit 10a12c7a authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'alg_roll_warn' into 'master'

alg rollover: removed 'different alg' warning

See merge request !842
parents 68352fc9 bbc94986
......@@ -42,16 +42,6 @@ int kdnssec_generate_key(kdnssec_ctx_t *ctx, bool ksk, knot_kasp_key_t **key_ptr
dnssec_key_algorithm_t algorithm = ctx->policy->algorithm;
unsigned size = ksk ? ctx->policy->ksk_size : ctx->policy->zsk_size;
for (size_t i = 0; i < ctx->zone->num_keys; i++) {
knot_kasp_key_t *kasp_key = &ctx->zone->keys[i];
if (dnssec_key_get_flags(kasp_key->key) == dnskey_flags(ksk) &&
dnssec_key_get_algorithm(kasp_key->key) != ctx->policy->algorithm) {
log_zone_warning(ctx->zone->dname, "DNSSEC, creating key with different"
" algorithm than policy");
break;
}
}
// generate key in the keystore
char *id = NULL;
......
......@@ -144,6 +144,16 @@ int keymgr_generate_key(kdnssec_ctx_t *ctx, int argc, char *argv[])
}
printf("alg %d\n", (int)ctx->policy->algorithm);
for (size_t i = 0; i < ctx->zone->num_keys; i++) {
knot_kasp_key_t *kasp_key = &ctx->zone->keys[i];
if (dnssec_key_get_flags(kasp_key->key) == dnskey_flags(isksk) &&
dnssec_key_get_algorithm(kasp_key->key) != ctx->policy->algorithm) {
printf("warning: creating key with different algorithm than "
"configured in the policy\n");
break;
}
}
knot_kasp_key_t *key = NULL;
int ret = kdnssec_generate_key(ctx, isksk, &key);
if (ret != KNOT_EOK) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment