Commit 502cb95d authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

ksk rollover: bugfix: enable signing of keys with KSK in READY state

parent be44184f
......@@ -293,7 +293,7 @@ static int prepare_and_check_keys(const knot_dname_t *zone_name, bool nsec3_enab
}
if (key->is_public) { u->is_public = true; }
if (key->is_active) {
if (key->is_active) { // TODO consider READY state (not for STSS for now)
if (key->is_ksk) { u->is_ksk_active = true; }
if (key->is_zsk) { u->is_zsk_active = true; }
}
......@@ -329,7 +329,7 @@ static int load_private_keys(dnssec_keystore_t *keystore, zone_keyset_t *keyset)
assert(keyset);
for (size_t i = 0; i < keyset->count; i++) {
if (!keyset->keys[i].is_active) {
if (!keyset->keys[i].is_active && !keyset->keys[i].is_ready) {
continue;
}
......
......@@ -129,7 +129,7 @@ static bool use_key(const zone_key_t *key, const knot_rrset_t *covered)
assert(key);
assert(covered);
if (!key->is_active) {
if (!key->is_active && !key->is_ready) {
return false;
}
......@@ -840,7 +840,7 @@ static int remove_invalid_records(const knot_rrset_t *soa,
static bool publish_cds(const zone_key_t *key)
{
return (key->is_ready && !key->is_active); // TODO uncomment
return (key->is_ready && !key->is_active);
}
/*!
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment