Commit 772e1f32 authored by Libor Peltan's avatar Libor Peltan

nsec: removed unneeded params

parent 22abf3ae
......@@ -178,7 +178,7 @@ int knot_dnssec_zone_sign(zone_update_t *update,
goto done;
}
result = knot_zone_create_nsec_chain(update, &keyset, &ctx, false);
result = knot_zone_create_nsec_chain(update, &keyset, &ctx);
if (result != KNOT_EOK) {
log_zone_error(zone_name, "DNSSEC, failed to create NSEC%s chain (%s)",
ctx.policy->nsec3_enabled ? "3" : "",
......@@ -262,7 +262,7 @@ int knot_dnssec_sign_update(zone_update_t *update, zone_sign_reschedule_t *resch
goto done;
}
result = knot_zone_fix_nsec_chain(update, &keyset, &ctx, true);
result = knot_zone_fix_nsec_chain(update, &keyset, &ctx);
if (result != KNOT_EOK) {
log_zone_error(zone_name, "DNSSEC, failed to fix NSEC%s chain (%s)",
ctx.policy->nsec3_enabled ? "3" : "",
......
......@@ -277,8 +277,7 @@ static dnssec_nsec3_params_t nsec3param_init(const knot_kasp_policy_t *policy,
int knot_zone_create_nsec_chain(zone_update_t *update,
const zone_keyset_t *zone_keys,
const kdnssec_ctx_t *ctx,
bool sign_nsec_chain)
const kdnssec_ctx_t *ctx)
{
if (update == NULL || ctx == NULL) {
return KNOT_EINVAL;
......@@ -306,25 +305,13 @@ int knot_zone_create_nsec_chain(zone_update_t *update,
if (ctx->policy->nsec3_enabled) {
ret = knot_nsec3_create_chain(update->new_cont, &params, nsec_ttl,
ctx->policy->nsec3_opt_out, &ch);
if (ret != KNOT_EOK) {
goto cleanup;
}
} else {
ret = knot_nsec_create_chain(update->new_cont, nsec_ttl, &ch);
if (ret != KNOT_EOK) {
goto cleanup;
}
ret = delete_nsec3_chain(update->new_cont, &ch);
if (ret != KNOT_EOK) {
goto cleanup;
if (ret == KNOT_EOK) {
ret = delete_nsec3_chain(update->new_cont, &ch);
}
}
if (sign_nsec_chain) {
ret = knot_zone_sign_nsecs_in_changeset(zone_keys, ctx, &ch);
}
if (ret == KNOT_EOK) {
ret = zone_update_apply_changeset(update, &ch);
}
......@@ -337,8 +324,7 @@ cleanup:
int knot_zone_fix_nsec_chain(zone_update_t *update,
const zone_keyset_t *zone_keys,
const kdnssec_ctx_t *ctx,
bool sign_nsec_chain)
const kdnssec_ctx_t *ctx)
{
if (update == NULL || ctx == NULL) {
return KNOT_EINVAL;
......@@ -388,10 +374,7 @@ int knot_zone_fix_nsec_chain(zone_update_t *update,
goto cleanup;
}
if (sign_nsec_chain) {
ret = knot_zone_sign_nsecs_in_changeset(zone_keys, ctx, &ch);
}
ret = knot_zone_sign_nsecs_in_changeset(zone_keys, ctx, &ch);
if (ret == KNOT_EOK) {
// Disable strict changeset application momentarily for the NSEC chain fix.
// This is important for NSEC3, since some nodes are removed from contents
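Review bot: In knot_zone_fix_nsec_chain the call to knot_zone_sign_nsecs_in_changeset is now unconditional, but the entry guard still checks only `update` and `ctx`, so a NULL `zone_keys` would reach the signing helper on every call. If that helper does not reject NULL itself (it is not visible here), the guard should become `if (update == NULL || zone_keys == NULL || ctx == NULL) {`. In knot_zone_create_nsec_chain the opposite holds: with the signing branch gone, `zone_keys` appears unused in the visible lines and could be dropped too, in line with the commit title. Both function bodies extend beyond the hunks shown.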
......
......@@ -70,26 +70,22 @@ int knot_create_nsec3_owner(uint8_t *out, size_t out_size,
* \param update Zone Update with current zone contents and to be updated with NSEC chain.
* \param zone_keys Zone keys used for NSEC(3) creation.
* \param ctx Signing context.
* \param sign_nsec_chain If true, the created NSEC(3) chain is signed at the end.
*
* \return Error code, KNOT_EOK if successful.
*/
int knot_zone_create_nsec_chain(zone_update_t *update,
const zone_keyset_t *zone_keys,
const kdnssec_ctx_t *ctx,
bool sign_nsec_chain);
const kdnssec_ctx_t *ctx);
/*!
* \brief Fix NSEC or NSEC3 chain after zone was updated.
* \brief Fix NSEC or NSEC3 chain after zone was updated, and sign the changed NSECs.
*
* \param update Zone Update with the update and to be update with NSEC chain.
* \param zone_keys Zone keys used for NSEC(3) creation.
* \param ctx Signing context.
* \param sign_nsec_chain If true, the created NSEC(3) chain is signed at the end.
*
* \return Error code, KNOT_EOK if successful.
*/
int knot_zone_fix_nsec_chain(zone_update_t *update,
const zone_keyset_t *zone_keys,
const kdnssec_ctx_t *ctx,
bool sign_nsec_chain);
const kdnssec_ctx_t *ctx);
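Review bot: The doc comment for knot_zone_create_nsec_chain no longer mentions signing at all, while the one for knot_zone_fix_nsec_chain now says it signs the changed NSECs, so a reader of this header cannot tell that the created chain is applied unsigned. I would add a line such as `* \note The created NSEC(3) records are not signed by this function.` to the first comment, since an unsigned chain cannot prove denial of existence to a validator. The `\param zone_keys` text ("used for NSEC(3) creation") also looks stale for the create function, assuming the parameter is no longer read in its body, which is only partly visible on this page. The opening of the first comment block lies outside the hunk.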