From 06e7340198bbd89b6765998a04abde217e7b0e7b Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 20 Oct 2009 03:15:06 +0000 Subject: [PATCH] 2719. [func] Skip trusted/managed keys for unsupported algorithms. [RT #20392] --- CHANGES | 3 +++ bin/named/server.c | 17 ++++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 118a99edc1..39608fe428 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2719. [func] Skip trusted/managed keys for unsupported algorithms. + [RT #20392] + 2718. [bug] The space calculations in opensslrsa_todns() were incorrect. [RT #20394] diff --git a/bin/named/server.c b/bin/named/server.c index 8b7ab9951a..268a60e478 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.551 2009/10/12 20:48:11 each Exp $ */ +/* $Id: server.c,v 1.552 2009/10/20 03:15:06 marka Exp $ */ /*! \file */ @@ -552,6 +552,11 @@ dstkey_fromconfig(const cfg_obj_t *vconfig, const cfg_obj_t *key, "ignoring %s key for '%s': no crypto support", managed ? "managed" : "trusted", keynamestr); + } else if (result == DST_R_UNSUPPORTEDALG) { + cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING, + "skipping %s key for '%s': %s", + managed ? "managed" : "trusted", + keynamestr, isc_result_totext(result)); } else { cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR, "configuring %s key for '%s': %s", @@ -584,8 +589,14 @@ load_view_keys(const cfg_obj_t *keys, const cfg_obj_t *vconfig, elt2 != NULL; elt2 = cfg_list_next(elt2)) { key = cfg_listelt_value(elt2); - CHECK(dstkey_fromconfig(vconfig, key, managed, - &dstkey, mctx)); + result = dstkey_fromconfig(vconfig, key, managed, + &dstkey, mctx); + if (result == DST_R_UNSUPPORTEDALG) { + result = ISC_R_SUCCESS; + continue; + } + if (result != ISC_R_SUCCESS) + goto cleanup; CHECK(dns_keytable_add(view->secroots, managed, &dstkey)); }