summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/bin/dnssec/dnssec-keygen.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/bin/dnssec/dnssec-keygen.c')
-rw-r--r--contrib/bind9/bin/dnssec/dnssec-keygen.c37
1 files changed, 21 insertions, 16 deletions
diff --git a/contrib/bind9/bin/dnssec/dnssec-keygen.c b/contrib/bind9/bin/dnssec/dnssec-keygen.c
index 3d22f99..1e61ca3 100644
--- a/contrib/bind9/bin/dnssec/dnssec-keygen.c
+++ b/contrib/bind9/bin/dnssec/dnssec-keygen.c
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keygen.c,v 1.115.14.4 2011/11/30 00:51:38 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.120 2011/11/30 00:48:51 marka Exp $ */
/*! \file */
@@ -124,11 +124,12 @@ usage(void) {
#else
fprintf(stderr, " -E <engine name>\n");
#endif
- fprintf(stderr, " -e: use large exponent (RSAMD5/RSASHA1 only)\n");
fprintf(stderr, " -f <keyflag>: KSK | REVOKE\n");
fprintf(stderr, " -g <generator>: use specified generator "
"(DH only)\n");
+ fprintf(stderr, " -L <ttl>: default key TTL\n");
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
+ fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
"records with (default: 0)\n");
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
@@ -137,8 +138,6 @@ usage(void) {
fprintf(stderr, " -t <type>: "
"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
"(default: AUTHCONF)\n");
- fprintf(stderr, " -r <randomdev>: a file containing random data\n");
-
fprintf(stderr, " -h: print usage and exit\n");
fprintf(stderr, " -m <memory debugging mode>:\n");
fprintf(stderr, " usage | trace | record | size | mctx\n");
@@ -212,7 +211,7 @@ main(int argc, char **argv) {
isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
isc_boolean_t oldstyle = ISC_FALSE;
isc_mem_t *mctx = NULL;
- int ch, rsa_exp = 0, generator = 0, param = 0;
+ int ch, generator = 0, param = 0;
int protocol = -1, size = -1, signatory = 0;
isc_result_t ret;
isc_textregion_t r;
@@ -231,6 +230,7 @@ main(int argc, char **argv) {
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
int dbits = 0;
+ dns_ttl_t ttl = 0;
isc_boolean_t use_default = ISC_FALSE, use_nsec3 = ISC_FALSE;
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
@@ -238,7 +238,7 @@ main(int argc, char **argv) {
int prepub = -1;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
- isc_boolean_t setdel = ISC_FALSE;
+ isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
@@ -257,7 +257,7 @@ main(int argc, char **argv) {
/*
* Process memory debugging argument first.
*/
-#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:km:n:P:p:qR:r:S:s:T:t:v:"
+#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:v:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
@@ -310,7 +310,9 @@ main(int argc, char **argv) {
engine = isc_commandline_argument;
break;
case 'e':
- rsa_exp = 1;
+ fprintf(stderr,
+ "phased-out option -e "
+ "(was 'use (RSA) large exponent)\n");
break;
case 'f':
c = (unsigned char)(isc_commandline_argument[0]);
@@ -340,6 +342,13 @@ main(int argc, char **argv) {
"To generate a key-signing key, use -f KSK.\n"
"To generate a key with TYPE=KEY, use -T KEY.\n");
break;
+ case 'L':
+ if (strcmp(isc_commandline_argument, "none") == 0)
+ ttl = 0;
+ else
+ ttl = strtottl(isc_commandline_argument);
+ setttl = ISC_TRUE;
+ break;
case 'n':
nametype = isc_commandline_argument;
break;
@@ -782,13 +791,6 @@ main(int argc, char **argv) {
break;
}
- if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
- alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
- alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST ||
- alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384) &&
- rsa_exp != 0)
- fatal("specified RSA exponent for a non-RSA key");
-
if (alg != DNS_KEYALG_DH && generator != 0)
fatal("specified DH generator for a non-DH key");
@@ -848,7 +850,6 @@ main(int argc, char **argv) {
case DNS_KEYALG_NSEC3RSASHA1:
case DNS_KEYALG_RSASHA256:
case DNS_KEYALG_RSASHA512:
- param = rsa_exp;
show_progress = ISC_TRUE;
break;
@@ -983,6 +984,10 @@ main(int argc, char **argv) {
dst_key_setprivateformat(key, 1, 2);
}
+ /* Set the default key TTL */
+ if (setttl)
+ dst_key_setttl(key, ttl);
+
/*
* Do not overwrite an existing key, or create a key
* if there is a risk of ID collision due to this key
OpenPOWER on IntegriCloud