From 330365566dab00a1b659dd32e90698800f13af0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Fri, 18 Aug 2017 11:17:43 +0200
Subject: [PATCH] [master] Prevent dnssec-settime from printing a bogus warning

4686.	[bug]		dnssec-settime -p could print a bogus warning about
			key deletion scheduled before its inactivation when a
			key had an inactivation date set but no deletion date
			set. [RT #45807]
---
 CHANGES                            | 5 +++++
 bin/dnssec/dnssec-settime.c        | 2 +-
 bin/tests/system/metadata/tests.sh | 9 +++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index f1232dcf21..c29c72afba 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+4686.	[bug]		dnssec-settime -p could print a bogus warning about
+			key deletion scheduled before its inactivation when a
+			key had an inactivation date set but no deletion date
+			set. [RT #45807]
+
 4685.	[bug]		dnssec-settime incorrectly calculated publication and
 			activation dates for a successor key. [RT #45806]
 
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index 6501708834..a51fd453f0 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -524,7 +524,7 @@ main(int argc, char **argv) {
 			     &prevdel) == ISC_R_SUCCESS &&
 	     setinact && !setdel && !unsetdel && prevdel < inact) ||
 	    (!setdel && !unsetdel && !setinact && !unsetinact &&
-	     prevdel < previnact))
+	     prevdel != 0 && prevdel < previnact))
 		fprintf(stderr, "%s: warning: Key is scheduled to "
 				"be deleted before it is\n\t"
 				"scheduled to be inactive.\n",
diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh
index 7711d52838..e63277bc68 100644
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
@@ -162,6 +162,15 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking no warning about delete date < inactive date with dnssec-settime when delete date is unset ($n)"
+ret=0
+$SETTIME -D none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+$SETTIME -p all `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking warning about delete date < inactive date with dnssec-keygen ($n)"
 ret=0
 # keygen should print a warning about delete < inactive