Config validation feature request

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Sat, 11 Aug 2012 15:02:00 -0700 (PDT)

We have a long-standing feature request called "Tool for thorough
configuration validation". For 2.7.0, I've implemented one of the things
it asked for, which is a pass through the SigningTable to ensure that all
the keys to which it refers exist in the KeyTable.

Another suggestion in the feature request is to check that no
domain-selector pair appears twice in the database with different signing
keys, since that would mean two private keys are being used for the same
name and that conflict will lead to avoidable signature failures.
Unfortunately this is not as easy as I'd like since it requires multiple
simultaneous database cursors, something the current database code doesn't
support, which means it's more work than is probably reasonably justified.

Before I close out the feature request for 2.7.0, are there any other
checks we should do at start time that aren't already being done?

-MSK
Received on Sat Aug 11 2012 - 22:02:15 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:33:35 PST