[master] Prevent dnssec-settime from printing a bogus warning

4686. [bug] dnssec-settime -p could print a bogus warning about key deletion scheduled before its inactivation when a key had an inactivation date set but no deletion date set. [RT #45807]
2017-08-18 11:17:43 +02:00
parent 5201b96d03
commit 330365566d
3 changed files with 15 additions and 1 deletions
--- a/5
+++ b/5
@@ -1,3 +1,8 @@
+4686.	[bug]		dnssec-settime -p could print a bogus warning about
+			key deletion scheduled before its inactivation when a
+			key had an inactivation date set but no deletion date
+			set. [RT #45807]
+
 4685.	[bug]		dnssec-settime incorrectly calculated publication and
 			activation dates for a successor key. [RT #45806]

--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -524,7 +524,7 @@ main(int argc, char **argv) {
 			     &prevdel) == ISC_R_SUCCESS &&
 	     setinact && !setdel && !unsetdel && prevdel < inact) ||
 	    (!setdel && !unsetdel && !setinact && !unsetinact &&
-	     prevdel < previnact))
+	     prevdel != 0 && prevdel < previnact))
 		fprintf(stderr, "%s: warning: Key is scheduled to "
 				"be deleted before it is\n\t"
 				"scheduled to be inactive.\n",
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
@@ -162,6 +162,15 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+echo "I:checking no warning about delete date < inactive date with dnssec-settime when delete date is unset ($n)"
+ret=0
+$SETTIME -D none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+$SETTIME -p all `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+grep "warning" tmp.out > /dev/null 2>&1 && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:checking warning about delete date < inactive date with dnssec-keygen ($n)"
 ret=0
 # keygen should print a warning about delete < inactive