Lines Matching full:trust
2 * validator/autotrust.c - RFC5011 trust anchor management for unbound.
101 /* time is equal, sort on trust point identity */ in probetree_cmp()
135 * @param ta: trust anchor key with DNSKEY data.
162 * @param ta: trust key autotrust metadata
359 log_err("trust anchor for '%s' presented twice", buf); in autr_tp_create()
370 log_err("trust anchor for '%s' in probetree twice", buf); in autr_tp_create()
418 /** find or add a new trust point for autotrust */
442 /** Add trust anchor from RR */
464 * Add new trust anchor from a string in file.
467 * @param tp: trust point returned.
473 * @return new key in trust point.
739 * Assemble the trust anchors into DS and DNSKEY packed rrsets.
742 * @param tp: the trust point. Must be locked.
837 /* find the trust point */ in parse_id()
850 * +2 revoked trust anchor file.
997 /* trust point being read */ in autr_read_file()
1012 log_err("could not parse auto-trust-anchor-file " in autr_read_file()
1021 log_warn("trust anchor %s has been revoked", nm); in autr_read_file()
1034 if(!r) log_err("failed to load trust anchor from %s " in autr_read_file()
1121 if(fprintf(out, "; autotrust trust anchor file\n") < 0) { in autr_write_contents()
1128 "; considered as if it has no trust anchors.\n" in autr_write_contents()
1130 "; to restart the trust anchor, overwrite this file.\n" in autr_write_contents()
1252 * Verify if dnskey works for trust point
1255 * @param tp: trust point to verify with
1275 * algorithms available in the trust store. */ in verify_dnskey()
1340 /** revoke a trust anchor */
1385 /** compare trust anchor with rdata, 0 if equal. Pass rdata(no len) */
1607 /* match of hash is sufficient for bootstrap of trust point */ in key_matches_a_ds()
1651 log_nametypeclass(VERB_DETAIL, "trust point has " in update_events()
1688 * @param ta: trust anchor to check for.
1719 /** Set the state for this trust anchor */
1860 /** if ZSK init then trust KSKs */
1882 verbose_key(anchor, VERB_ALGO, "trust KSK from " in init_zsk_to_ksk()
1943 * one valid KSK: remove missing trust anchor */ in remove_missing_trustanchors()
2057 /** set next probe for trust anchor */
2100 /** Revoke and Delete a trust point */
2110 log_nametypeclass(VERB_OPS, "trust point was revoked", in autr_tp_remove()
2138 /* if !del_tp then the trust point is no longer present in the tree, in autr_tp_remove()
2160 /* autotrust update trust anchors */ in autr_process_prime()
2167 "trust point revoked", tp->name, in autr_process_prime()
2194 return 1; /* trust point exists */ in autr_process_prime()
2209 return 0; /* trust point removed */ in autr_process_prime()
2221 return 1; /* trust point exists */ in autr_process_prime()
2227 /* Add new trust anchors to the data structure in autr_process_prime()
2228 * - note which trust anchors are seen this probe. in autr_process_prime()
2234 "trust point unchanged."); in autr_process_prime()
2235 return 1; /* trust point unchanged, so exists */ in autr_process_prime()
2243 "trust point unchanged."); in autr_process_prime()
2244 return 1; /* trust point unchanged, so exists */ in autr_process_prime()
2249 return 0; /* trust point does not exist */ in autr_process_prime()
2260 return 0; /* trust point removed */ in autr_process_prime()
2264 return 1; /* trust point exists */ in autr_process_prime()
2267 /** debug print a trust anchor key */
2286 /** debug print a trust point */
2295 log_info("trust point %s : %d", buf, (int)tp->dclass); in autr_debug_print_tp()
2356 /** probe a trust anchor DNSKEY and unlocks tp */
2407 /** fetch first to-probe trust-anchor and lock it and set retrytime */
2459 return 0; /* no trust points to probe */ in autr_probe_timer()