Lines Matching defs:anchor
30 #include "resolved-dns-trust-anchor.h"
47 * name in our trust anchor */
65 /* Only add the built-in trust anchor if there's neither a DS
161 /* Only add the built-in trust anchor if there's no negative
162 * trust anchor defined at all. This enables easy overriding
345 return log_error_errno(r, "Failed to add trust anchor RR: %m");
349 return log_error_errno(r, "Failed to add answer to trust anchor: %m");
407 return log_error_errno(r, "Failed to enumerate %s trust anchor files: %m", suffix);
499 return log_error_errno(r, "Failed to add built-in positive trust anchor: %m");
503 return log_error_errno(r, "Failed to add built-in negative trust anchor: %m");
576 /* Remember that this is a revoked trust anchor RR */
581 /* Remove this from the positive trust anchor */
595 LOG_MESSAGE("DNSSEC Trust anchor %s has been revoked. Please update the trust anchor, or upgrade your operating system."), strna(dns_resource_record_to_string(rr)),
625 DnsResourceRecord *anchor;
627 /* First, look for the precise DNSKEY in our trust anchor database */
629 DNS_ANSWER_FOREACH(anchor, a) {
631 if (anchor->dnskey.protocol != revoked_dnskey->dnskey.protocol)
634 if (anchor->dnskey.algorithm != revoked_dnskey->dnskey.algorithm)
637 if (anchor->dnskey.key_size != revoked_dnskey->dnskey.key_size)
643 if (((anchor->dnskey.flags ^ revoked_dnskey->dnskey.flags) | DNSKEY_FLAG_REVOKE) != DNSKEY_FLAG_REVOKE)
646 if (memcmp(anchor->dnskey.key, revoked_dnskey->dnskey.key, anchor->dnskey.key_size) != 0)
649 dns_trust_anchor_remove_revoked(d, anchor);
656 DnsResourceRecord *anchor;
658 /* Second, look for DS RRs matching this DNSKEY in our trust anchor database */
660 DNS_ANSWER_FOREACH(anchor, a) {
666 r = dnssec_verify_dnskey_by_ds(revoked_dnskey, anchor, true);
672 dns_trust_anchor_remove_revoked(d, anchor);
688 * and matches one of our trust anchor entries. If so, removes
689 * it from the trust anchor and returns > 0. */
724 * see if this precise one exists in our trust anchor