Adding option DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key entirely...
author Christian Grothoff <christian@grothoff.org>
Wed, 23 Oct 2013 10:01:31 +0000 (12:01 +0200)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 23 Oct 2013 16:47:25 +0000 (18:47 +0200)
commit a960a0fd4ab2aa6166c9f42914442c7e6630dcfb
tree d46f2ff916a41ec2b92b01bf3add4765ac8da1e7
parent f934a60a65d54b907296ec18e6413e9ec0f4eb45
Adding option DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key entirely when initializing a dane_state_t.

This is a useful optimization if the DANE/TLSA data is initialized
from a source other than libunbound/DNS, as then the DNSSEC root key
would not be used anyway.  Worse, if we failed to read the DNSSEC
root key, this would create a failure even though for applications
that do not use DNSSEC (but do use DANE/TLSA) such a failure would
be totally harmless.
libdane/dane.c
libdane/includes/gnutls/dane.h