Skip to content
Snippets Groups Projects
Commit 668eab44 authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman
Browse files

dnssec/rollovers: prevent increasing confusion when 2 active ZSKs

parent 83ac6a05
No related branches found
No related tags found
1 merge request!1731dnssec/rollovers: prevent increasing confusion when 2 active ZSKs
Pipeline #132924 passed
Stage: build
Stage: test
Hide whitespace changes
Inline Side-by-side
src/knot/dnssec/key-events.c
+ 5
4
View file @ 668eab44
......@@ -244,7 +244,7 @@ static int generate_ksk(kdnssec_ctx_t *ctx, knot_time_t when_active, bool pre_ac
static bool running_rollover(const kdnssec_ctx_t *ctx)
{
bool res = false;
bool ready_ksk = false, active_ksk = false;
int ready_ksk = 0, active_ksk = 0, active_zsk = 0;
for (size_t i = 0; i < ctx->zone->num_keys; i++) {
knot_kasp_key_t *key = &ctx->zone->keys[i];
......@@ -259,10 +259,11 @@ static bool running_rollover(const kdnssec_ctx_t *ctx)
res = true;
break;
case DNSSEC_KEY_STATE_READY:
ready_ksk = (ready_ksk || key->is_ksk);
ready_ksk += (key->is_ksk ? 1 : 0);
break;
case DNSSEC_KEY_STATE_ACTIVE:
active_ksk = (active_ksk || key->is_ksk);
active_ksk += (key->is_ksk ? 1 : 0);
active_zsk += (key->is_zsk ? 1 : 0);
break;
case DNSSEC_KEY_STATE_RETIRE_ACTIVE:
case DNSSEC_KEY_STATE_POST_ACTIVE:
......@@ -274,7 +275,7 @@ static bool running_rollover(const kdnssec_ctx_t *ctx)
break;
}
}
if (ready_ksk && active_ksk) {
if (ready_ksk + active_ksk > 1 || active_zsk > 1) {
res = true;
}
return res;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment