Remove REVOKE flag support.

git-svn-id: file:///svn/unbound/trunk@1639 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -1,3 +1,7 @@
+8 June 2009: Wouter
+	- Removed RFC5011 REVOKE flag support. Partial 5011 support may cause
+	  inadvertant behaviour.
+
 3 June 2009: Wouter
 	- fixup bad free() when wrongly encoded DSA signature is seen.
 	  Reported by Paul Wouters.

testdata/test_signatures.13

@@ -15,7 +15,7 @@ ENTRY_END
 ; entry to test
 ENTRY_BEGIN
 SECTION QUESTION
-bogus.example.com.       IN      SOA
+secure.example.com.       IN      SOA
 SECTION ANSWER
 example.com.  43200   IN      SOA     home.kuroiwa.eng.br. hostmaster.cesar.sec3.br. 2008040903 86400 86400 8640000 600
 example.com.	43200	IN	RRSIG	SOA 5 2 43200 20081010000000 20080410122550 31027 example.com. af7nqRak6cEeQLytqLHMIUKPsOECA4Cu/Zpm7vdnKSh2q2+/8ZwIxwHLyCEGdiu/mTYffZEHTZytJyzxnB0oxA== ;{id = 31027}

validator/val_sigcrypt.c

@@ -522,9 +522,6 @@ dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve,
 			tag != dnskey_calc_keytag(dnskey, i))
 			continue;
 		numchecked ++;
-		/* skip revoked keys */
-		if(dnskey_get_flags(dnskey, i) & LDNS_KEY_REVOKE_KEY)
-			continue;
 
 		/* see if key verifies */
 		sec = dnskey_verify_rrset_sig(env->scratch,