bind9/bin
Matthijs Mekking 5e3aef364f dnssec-signzone retain signature if key is offline
Track inside the dns_dnsseckey structure whether we have seen the
private key, or if this key only has a public key file.

If the key only has a public key file, or a DNSKEY reference in the
zone, mark the key 'pubkey'. In dnssec-signzone, if the key only
has a public key available, consider the key to be offline. Any
signatures that should be refreshed for which the key is not available,
retain the signature.

So in the code, 'expired' becomes 'refresh', and the new 'expired'
is only used to determine whether we need to keep the signature if
the corresponding key is not available (retaining the signature if
it is not expired).

In the 'keysthatsigned' function, we can remove:
  -	key->force_publish = false;
  -	key->force_sign = false;

because they are redundant ('dns_dnsseckey_create' already sets these
values to false).
2025-01-23 09:43:07 +00:00
check Remove C++ support from the public header 2024-12-18 13:10:39 +01:00
confgen Remove C++ support from the public header 2024-12-18 13:10:39 +01:00
delv Separate the connect and the read timeouts in dispatch 2025-01-22 11:57:52 +00:00
dig Dig - enable TLS SNI support 2024-12-26 17:23:19 +02:00
dnssec dnssec-signzone retain signature if key is offline 2025-01-23 09:43:07 +00:00
named Fix possible truncation in dns_keymgr_status() 2025-01-23 09:31:00 +01:00
nsupdate Separate the connect and the read timeouts in dispatch 2025-01-22 11:57:52 +00:00
plugins Remove redundant parentheses from the return statement 2024-11-19 12:27:22 +01:00
rndc Remove C++ support from the public header 2024-12-18 13:10:39 +01:00
tests dnssec-signzone retain signature if key is offline 2025-01-23 09:43:07 +00:00
tools Separate the connect and the read timeouts in dispatch 2025-01-22 11:57:52 +00:00
Makefile.am Remove native PKCS#11 support 2021-09-09 15:35:39 +02:00