From 2fcd842a82033fbcdbc3f40a320c5be26f926fee Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 2 Nov 2022 06:55:52 +0000
Subject: [PATCH] TLS setting of primaries with catalog zones where being ignored

Extract the tlss values if present from the ipkeylist entry and add the resulting tls setting to the constructed configuration for the primary. When comparing catalog zone entries for reuse also check the masters.tlss values for equality.
(cherry picked from commit 65f2512315fa9d46e2caf3695e066f14fa974b21)
---
 lib/dns/catz.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/lib/dns/catz.c b/lib/dns/catz.c
index 3aa3ec2f6c..7339ef1c7b 100644
--- a/lib/dns/catz.c
+++ b/lib/dns/catz.c
@@ -375,6 +375,20 @@ dns_catz_entry_cmp(const dns_catz_entry_t *ea, const dns_catz_entry_t *eb) {
 }
 }
 
+ for (size_t i = 0; i < eb->opts.masters.count; i++) {
+ if ((ea->opts.masters.tlss[i] == NULL) !=
+ (eb->opts.masters.tlss[i] == NULL)) {
+ return (false);
+ }
+ if (ea->opts.masters.tlss[i] == NULL) {
+ continue;
+ }
+ if (!dns_name_equal(ea->opts.masters.tlss[i],
+ eb->opts.masters.tlss[i])) {
+ return (false);
+ }
+ }
+
 /* If one is NULL and the other isn't, the entries don't match */
 if ((ea->opts.allow_query == NULL) != (eb->opts.allow_query == NULL)) {
 return (false);
@@ -1972,6 +1986,15 @@ dns_catz_generate_zonecfg(dns_catz_zone_t *zone, dns_catz_entry_t *entry,
 goto cleanup;
 }
 }
+
+ if (entry->opts.masters.tlss[i] != NULL) {
+ isc_buffer_putstr(buffer, " tls ");
+ result = dns_name_totext(entry->opts.masters.tlss[i],
+ true, buffer);
+ if (result != ISC_R_SUCCESS) {
+ goto cleanup;
+ }
+ }
 isc_buffer_putstr(buffer, "; ");
 }
 isc_buffer_putstr(buffer, "}; ");
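Review bot: In dns_catz_entry_cmp the new loop is bounded by `eb->opts.masters.count` but also indexes `ea->opts.masters.tlss[i]`, so it is only in bounds if an earlier check has already rejected entries whose counts differ and if `tlss` is always allocated whenever `count` is non-zero. Neither is visible in this hunk, since the function starts above it; a comment on the loop such as `/* masters.count was compared above; tlss[] has one slot per primary */` would record the assumption. The diffstat shows only lib/dns/catz.c changing, so nothing here pins the behaviour that a changed or removed tls name forces the entry to be treated as different. A regression test for that case would guard against a zone silently keeping a configuration without TLS for its transfers.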
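Review bot: In dns_catz_generate_zonecfg the tls name, which comes from catalog zone data, is rendered by `dns_name_totext()` and written unquoted into the generated configuration text between `" tls "` and `"; "`. Whether that rendering escapes every character the configuration parser treats as a delimiter (braces, semicolons, whitespace) cannot be confirmed from this hunk, so it is worth verifying. I would also add a comment above the block, for example `/* tls name is catalog-zone data embedded unquoted; it must not be able to terminate the primaries clause */`. The enclosing loop and function begin outside the hunk, so the buffer's growth behaviour for `isc_buffer_putstr()` is likewise assumed rather than shown.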