summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-trust-anchor.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/resolve/resolved-dns-trust-anchor.h')
-rw-r--r--src/resolve/resolved-dns-trust-anchor.h10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-trust-anchor.h b/src/resolve/resolved-dns-trust-anchor.h
index 06f3723914..5d137faae1 100644
--- a/src/resolve/resolved-dns-trust-anchor.h
+++ b/src/resolve/resolved-dns-trust-anchor.h
@@ -30,10 +30,16 @@ typedef struct DnsTrustAnchor DnsTrustAnchor;
/* This contains a fixed database mapping domain names to DS or DNSKEY records. */
struct DnsTrustAnchor {
- Hashmap *by_key;
+ Hashmap *positive_by_key;
+ Set *negative_by_name;
+ Set *revoked_by_rr;
};
int dns_trust_anchor_load(DnsTrustAnchor *d);
void dns_trust_anchor_flush(DnsTrustAnchor *d);
-int dns_trust_anchor_lookup(DnsTrustAnchor *d, DnsResourceKey* key, DnsAnswer **answer);
+int dns_trust_anchor_lookup_positive(DnsTrustAnchor *d, const DnsResourceKey* key, DnsAnswer **answer);
+int dns_trust_anchor_lookup_negative(DnsTrustAnchor *d, const char *name);
+
+int dns_trust_anchor_check_revoked(DnsTrustAnchor *d, DnsResourceRecord *dnskey, DnsAnswer *rrs);
+int dns_trust_anchor_is_revoked(DnsTrustAnchor *d, DnsResourceRecord *rr);