resolved: rename "downgrade-ok" mode to "allow-downgrade"

After discussing this with Tom, we figured out "allow-downgrade" sounds nicer.
author: Lennart Poettering <lennart@poettering.net> 2016-01-05 17:44:16 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-05 20:00:53 +0100
commit: 1ed8c0fbb4cc51413f3a6025233f41c19f154bc1 (patch)
tree: 0dacdca7477fa73cac0c9ef304a72a0da5c2347c /src
parent: f41b446a7677c030250ccf318306dc637d1d9871 (diff)
3 files changed, 4 insertions, 4 deletions
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 32d4834aa1..ff571986c0 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -1568,7 +1568,7 @@ int dnssec_test_nsec(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *r
 
 static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = {
         [DNSSEC_NO] = "no",
-        [DNSSEC_DOWNGRADE_OK] = "downgrade-ok",
+        [DNSSEC_ALLOW_DOWNGRADE] = "allow-downgrade",
         [DNSSEC_YES] = "yes",
 };
 DEFINE_STRING_TABLE_LOOKUP(dnssec_mode, DnssecMode);
diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h
index 94d0b23f80..d818d1a906 100644
--- a/src/resolve/resolved-dns-dnssec.h
+++ b/src/resolve/resolved-dns-dnssec.h
@@ -37,7 +37,7 @@ enum DnssecMode {
          * DNSSEC properly, downgrade to non-DNSSEC operation. Of
          * course, we then are vulnerable to a downgrade attack, but
          * that's life and what is configured. */
-        DNSSEC_DOWNGRADE_OK,
+        DNSSEC_ALLOW_DOWNGRADE,
 
         /* Insist on DNSSEC server support, and rather fail than downgrading. */
         DNSSEC_YES,
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 870b7586fd..44267c6b2d 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -939,7 +939,7 @@ static int dns_transaction_prepare(DnsTransaction *t, usec_t ts) {
                          * this means we cannot do any DNSSEC logic
                          * anymore. */
 
-                        if (t->scope->dnssec_mode == DNSSEC_DOWNGRADE_OK) {
+                        if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE) {
                                 /* We are in downgrade mode. In this
                                  * case, synthesize an unsigned empty
                                  * response, so that the any lookup
@@ -2266,7 +2266,7 @@ int dns_transaction_validate_dnssec(DnsTransaction *t) {
 
                                                 dns_server_packet_rrsig_missing(t->server);
 
-                                                if (t->scope->dnssec_mode == DNSSEC_DOWNGRADE_OK) {
+                                                if (t->scope->dnssec_mode == DNSSEC_ALLOW_DOWNGRADE) {
 
                                                         /* Downgrading is OK? If so, just consider the information unsigned */
author	Lennart Poettering <lennart@poettering.net>	2016-01-05 17:44:16 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-05 20:00:53 +0100
commit	1ed8c0fbb4cc51413f3a6025233f41c19f154bc1 (patch)
tree	0dacdca7477fa73cac0c9ef304a72a0da5c2347c /src
parent	f41b446a7677c030250ccf318306dc637d1d9871 (diff)