diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2017-06-18 05:22:32 +0900 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-06-17 16:22:32 -0400 |
commit | 42303dcb1a42fd4c478708832bee8030bd87c87f (patch) | |
tree | 276bc6e5493219af479c3eae6cda7bb95e50cbff /src | |
parent | a1bb2402cb6edc4b46f6bf2bc3ed2773bb213919 (diff) | |
download | systemd-42303dcb1a42fd4c478708832bee8030bd87c87f.tar.gz |
resolved: ignore DNSSEC= option when resolved is built without gcrypt (#6084)
Fixes #5583.
Diffstat (limited to 'src')
-rw-r--r-- | src/resolve/resolved-conf.c | 6 | ||||
-rw-r--r-- | src/resolve/resolved-link.c | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/src/resolve/resolved-conf.c b/src/resolve/resolved-conf.c index 97334a0af7..75636e0e56 100644 --- a/src/resolve/resolved-conf.c +++ b/src/resolve/resolved-conf.c @@ -246,6 +246,12 @@ int manager_parse_config_file(Manager *m) { return r; } +#ifndef HAVE_GCRYPT + if (m->dnssec_mode != DNSSEC_NO) { + log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support."); + m->dnssec_mode = DNSSEC_NO; + } +#endif return 0; } diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c index d06096f3f2..fc59a675e2 100644 --- a/src/resolve/resolved-link.c +++ b/src/resolve/resolved-link.c @@ -313,6 +313,12 @@ void link_set_dnssec_mode(Link *l, DnssecMode mode) { assert(l); +#ifndef HAVE_GCRYPT + if (mode == DNSSEC_YES || mode == DNSSEC_ALLOW_DOWNGRADE) + log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support."); + return; +#endif + if (l->dnssec_mode == mode) return; |