TLS settings of primaries with catalog zones were being ignored

Extract the tlss values if present from the ipkeylist entry and add
the resulting tls setting to the constructed configuration for the
primary.

When comparing catalog zone entries for reuse also check the
masters.tlss values for equality.

(cherry picked from commit 65f2512315)
Mark Andrews 2022-11-02 06:55:52 +00:00
parent d8027595c5
commit 2fcd842a82


@ -375,6 +375,20 @@ dns_catz_entry_cmp(const dns_catz_entry_t *ea, const dns_catz_entry_t *eb) {
}
}
for (size_t i = 0; i < eb->opts.masters.count; i++) {
if ((ea->opts.masters.tlss[i] == NULL) !=
(eb->opts.masters.tlss[i] == NULL)) {
return (false);
}
if (ea->opts.masters.tlss[i] == NULL) {
continue;
}
if (!dns_name_equal(ea->opts.masters.tlss[i],
eb->opts.masters.tlss[i])) {
return (false);
}
}
/* If one is NULL and the other isn't, the entries don't match */
if ((ea->opts.allow_query == NULL) != (eb->opts.allow_query == NULL)) {
return (false);
@ -1972,6 +1986,15 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *zone, dns_catz_entry_t *entry,
goto cleanup;
}
}
if (entry->opts.masters.tlss[i] != NULL) {
isc_buffer_putstr(buffer, " tls ");
result = dns_name_totext(entry->opts.masters.tlss[i],
true, buffer);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
}
isc_buffer_putstr(buffer, "; ");
}
isc_buffer_putstr(buffer, "}; ");
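Review bot: In the first hunk (dns_catz_entry_cmp) the new loop is bounded by `eb->opts.masters.count` but also indexes `ea->opts.masters.tlss[i]`, so it would read past the end of ea's array unless the two counts were already compared equal earlier in the function, which is outside this hunk. If that earlier check exists, a one-line comment such as `/* masters.count is known to be equal here, so tlss[i] is valid for both entries */` would make the dependency explicit; if it does not, the counts should be compared before the loop. It is also worth confirming that `tlss` is always allocated whenever `count` is non-zero, since the loop dereferences the array unconditionally. The function body starts and ends outside the hunk.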