Merge branch 'marka-Psync-future-v9_14' into 'v9_14'

Marka psync future v9 14

See merge request isc-projects/bind9!2926

CHANGES

@@ -1,3 +1,6 @@
+5348.	[bug]		dnssec-settime -Psync was not being honoured.
+			[GL !2893]
+
 5339.	[bug]		With some libmaxminddb versions, named could erroneously
 			match an IP address not belonging to any subnet defined
 			in a given GeoIP2 database to one of the existing

bin/tests/system/smartsign/tests.sh

@@ -55,6 +55,9 @@ cksk4=`$REVOKE $cksk3`
 echo_i "setting up sync key"
 cksk5=`$KEYGEN -q -a rsasha1 -fk -P now+1mo -A now+1mo -Psync now $czone`
 
+echo_i "and future sync key"
+cksk6=`$KEYGEN -q -a rsasha1 -fk -P now+1mo -A now+1mo -Psync now+1mo $czone`
+
 echo_i "generating parent keys"
 pzsk=`$KEYGEN -q -a rsasha1 $pzone`
 pksk=`$KEYGEN -q -a rsasha1 -fk $pzone`
@@ -348,6 +351,7 @@ awk 'BEGIN { r=1 } $2 == "CDS" { r=0 } END { exit r }' $cfile.signed || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+# this also checks that the future sync record is not yet published
 echo_i "checking sync record deletion"
 ret=0
 $SETTIME -P now -A now -Dsync now ${cksk5} > /dev/null

lib/dns/dnssec.c

@@ -650,6 +650,7 @@ syncpublish(dst_key_t *key, isc_stdtime_t now) {
 	isc_result_t result;
 	isc_stdtime_t when;
 	int major, minor;
+	bool publish;
 
 	/*
 	 * Is this an old-style key?
@@ -663,16 +664,16 @@ syncpublish(dst_key_t *key, isc_stdtime_t now) {
 	if (major == 1 && minor <= 2)
 		return (false);
 
+	publish = false;
 	result = dst_key_gettime(key, DST_TIME_SYNCPUBLISH, &when);
-	if (result != ISC_R_SUCCESS)
-		return (false);
-
+	if (result == ISC_R_SUCCESS && when <= now) {
+		publish = true;
+	}
 	result = dst_key_gettime(key, DST_TIME_SYNCDELETE, &when);
-	if (result != ISC_R_SUCCESS)
-		return (true);
-	if (when <= now)
-		return (false);
-	return (true);
+	if (result == ISC_R_SUCCESS && when < now) {
+		publish = false;
+	}
+	return (publish);
 }
 
 /*%<