upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-03 13:29:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

zonemd, zonemds are checked when a zone is auth_zone_reload from file,

Browse source 
or reload with unbound-control.
This commit is contained in:
W.C.A. Wijngaards 2020-10-23 11:20:08 +02:00
parent 40e713e121
commit fb5f3f076d
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
daemon/remote.c
View file

@ -2510,6 +2510,8 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg)
uint8_t* nm = NULL;
struct auth_zones* az = worker->env.auth_zones;
struct auth_zone* z = NULL;
char* reason = NULL;
int oldexpired = 0;
if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
return;
if(az) {
@ -2530,6 +2532,17 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg)
(void)ssl_printf(ssl, "error failed to read %s\n", arg);
return;
}
oldexpired = z->zone_expired;
auth_zone_verify_zonemd(z, &worker->env, &worker->env.mesh->mods,
&reason, 0, 0);
if(reason && !oldexpired && z->zone_expired) {
(void)ssl_printf(ssl, "error zonemd for %s failed: %s\n",
arg, reason);
} else if(reason && strcmp(reason, "ZONEMD verification successful")
==0) {
(void)ssl_printf(ssl, "%s: %s\n", arg, reason);
}
free(reason);
lock_rw_unlock(&z->lock);
send_ok(ssl);
}