online-signing module is incompatible with new DNSSEC configuration
The online-signing module is incompatible with KASP in the server config. It looks up the keys in a wrong location.
This is the current code from online_sign.c
. It considers only the old config option kasp-db
.
static char *conf_kasp_path(const knot_dname_t *zone)
{
conf_val_t val = { 0 };
val = conf_zone_get(conf(), C_STORAGE, zone);
char *storage = conf_abs_path(&val, NULL);
val = conf_zone_get(conf(), C_KASP_DB, zone);
char *kasp_db = conf_abs_path(&val, storage);
free(storage);
return kasp_db;
}
Also the example in documentation doesn't work. The module deserves some cleanup.