daemon/lua/trust_anchors: don't crash when dealing with unknown algorhitm (!788) · Merge requests · Knot projects / Knot Resolver

Merged Tomas Krizek requested to merge key-rollover into master 6 years ago

Apr 04, 2019
- trust_anchors: update Deckard to take ta_update module into account · 2346346b
  Petr Špaček authored 6 years ago
  
  Verified
  
  2346346b
- trust_anchors: improve error messages · 56070bf9
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  56070bf9
- trust_anchors: add explanatory error messages for removed functions · b25212ef
  Petr Špaček authored 6 years ago
  
  Verified
  
  b25212ef
- unify error message format between between C and Lua · 2efa642b
  Petr Špaček authored 6 years ago
  
  User-friendly error message is intentionally at the end so users, typically looking at the last line in logs, can see immediatelly what happened.
  Verified
  
  2efa642b
- trust_anchors: do not accept add_file() for managed TA without ta_update module · ff41bca5
  Petr Špaček authored 6 years ago
  
  Previous version would add the TA and then print error message, which is not expected.
  Verified
  
  ff41bca5
- meson: config_tests - remove obsolete args, retuncode checks · 8451e991
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  8451e991
- trust_anchrors/bootstrap.test: fix test · 74098a8b
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  74098a8b
- WIP: test/integration: update deckard · d45c03de
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  d45c03de
- ci: fix luacheck · 08427d19
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  08427d19
- ta_update.test: increase time for testing in CI · 9db8ffbf
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  9db8ffbf
- ta_update: abort update if keyset is no longer managed · e71446c8
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  e71446c8
- ta_update: remove useless initialization · 56447445
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  It's impossible to add managed keysets unless ta_update is loaded, in which case ta_update.start() is called by trust_anchors.add_file(). On ta_update unload, previously managed keys are flagged as unmanaged.
  Verified
  
  56447445
- doc/upgrading: document removal of -k and -K · 0f473f3d
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  0f473f3d
- trust_anchors: remove syntactic sugar and duplicity · 41ba4b4d
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  41ba4b4d
- trust_anchors: always load keyfile_default · 8abc490f
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  8abc490f
- trust_anchors: make sure to stop tracking managed key when overriding it · e2abf7fa
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  e2abf7fa
- daemon: remove -k/-K options · 1405517d
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Since DNSSEC is now enabled by default and always loads the keyfile_default specified during compilation, these options are obsolete. Use trust_anchors.add_file() in config file if you require this functionality.
  Verified
  
  1405517d
- scripts/launch-test-instance: remove obsolete script · 18f2fa74
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  18f2fa74
- ta_update: polish test · 37e60e28
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  37e60e28
- trust_anchors: rename distrust to remove · 1f569a24
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  1f569a24
- trust_anchors: document distrust and polish related docs · aaff913c
  Petr Špaček authored 6 years ago
  
  Verified
  
  aaff913c
- ta_update: remove parameter refresh_plan(is_initial) · 8f9992c4
  Petr Špaček authored 6 years ago
  
  It was unused since cleanup in trust_anchors and just cluttering the code.
  Verified
  
  8f9992c4
- trust_anchors: use cleaner interface between ta_update and trust_anchors module · 22b0c6d5
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  + tests Exracting RFC 5011 to separate module was a good opportunity for cleanup.
  Verified
  
  22b0c6d5
- trust_anchors: add distrust function to remove TA · 0ca663dc
  Petr Špaček authored 6 years ago
  
  Verified
  
  0ca663dc
- trust_anchors: do not bootstrap if root TA exists · f57cf735
  Petr Špaček authored 6 years ago
  
  Previously a typo in keyfile path triggered re-bootstrap even if root TA was already installed.
  Verified
  
  f57cf735
- trust_anchors: get rid of double negation in add_file() · 373b42ed
  Petr Špaček authored 6 years ago
  
  This simple change makes it easier to follow what the code does.
  Verified
  
  373b42ed
- ci: luacheckrc - organize, add ta_update · bc526c3f
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  bc526c3f
- nitpick: modules/ta_update - unify log message format · 7ac587af
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  7ac587af
- modules/ta_update: remove all asserts · 49366242
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  49366242
- tests/integration: update kresd config for deckard · 1651125a
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  1651125a
- lua/trust_anchors: use tabs everywhere · 8f3a157a
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  8f3a157a
- daemon/lua/trust_anchors: write keyset after bootstrap · ad351baa
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  ad351baa
- modules/ta_update: move RFC5011 to a separate module · feac3e94
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  feac3e94
- daemon/lua/trust_anchors: bootstrap TA immediately after startup · 960cc1b3
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  960cc1b3
- daemon/lua/trust_anchors: don't crash when dealing with unknown algorhitm · 088aad9e
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  088aad9e
- daemon/lua/trust_anchors.test.integr: test key rollover to unsupported algorhitm · 4410fa55
  Tomas Krizek authored 6 years ago and Petr Špaček committed 6 years ago
  
  Verified
  
  4410fa55

Admin message

daemon/lua/trust_anchors: don't crash when dealing with unknown algorhitm

Merge request reports

Activity