add CheckSigningTable config option #228
Conversation
When CheckSigningTable is set to no, the keys in KeyTable are no longer verified when config is loaded. This helps with large databases. This commit only adds support for USE_ODBX.
when comparing if (conf->conf_checksigningtable == TRUE) and CheckSigningTable no in the config, no acts as TRUE. Therefore, it is better to use != FALSE.
|
Simple test results: If selector is NULL (should be prevented by sql not null option): If key is NULL in neither case did opendkim crash. Furthermore, you can solve a lot of these issues with db table constraints. |
|
this is continued from #226 |
|
also should there be a command line option for it ? example, |
As advised by futatuki, specify SigningTable instead of the "database" in the description.
I'll take a look later, if it can avoid crash even if the key entry is corrupted. (But it is another issue) |
Currently 'C' is not in use, however it might be the time we shoud consider to use word options, although |
|
can we consider the long options issue as a separate issue? |
ya, sorry, I think it is a separate issue. It is not good that multiple issue in a PR. |
|
This feature may useful even if ODBX feature is not used, so I think it is not need to restrict it on USE_ODBX is true. No other things to say, it looks good to me, for the commits till 906a8b4. You can freely determine the command line option letter for this feature, if you implement it (perhaps no one complains about it). However if I implement a command line option for checking SiginigTable consistency and exit, I'll select 'C' for it if it is still not in use :) |
Allow the use of -C to disable CheckSigningTable (or set to no).
Allow disabling of CheckSigningTable for other databases such as LDAP. This option disables the walking of SigningTable to look for missing keys in KeyTable when the config gets loaded.
|
lhy is the develop branch so far ahead of master branch ? |
As requested by futatuki, I will use -g for CheckSigningTable and reserve -C for future option to check the database tables.
oops i just realized what you said. |
|
As you added a new command line option, it should be described in opendkim(8) :)
I think this project is not working any more. So I made my own branch, maintain it, and I use here as a collection center of issues and proposals of the changes. |
|
Thank you @futatuki . I would like to commit these changes to your mirror as well. |
|
It would be great if you could add a description about new "-g" option to opendkim/opendkim.8.in? I'd like to see your commit for it, not mine :) |
|
see commit 3fc8cb7 for -g in opendkim(8) man page. |
opendkim/opendkim.8.in
Outdated
| .I \-g | ||
| Set CheckSigningTable to no. This means that when the config is loaded, | ||
| The SigningTable will not be checked for any missing keys in | ||
| the KeyTable. |
There was a problem hiding this comment.
- A typo " the SiningTable"
- The mention to
CheckSigingTableoption is not so important for understanding what this commandline option does. So it is good to move it after the last sentence of the paragraph, with reference information to opendkim.conf(5).
There was a problem hiding this comment.
I see a typo, but in your comment, not the code.
Anyway I re-wrote it based on your suggestion.
See commit 3dabd5f
Thank you! Although I 'm not good at writing English, I've reviewed it. |
|
thank you so much for all your help futatuki! |
|
Looks good. Thank you! |
…ningTable Add CheckSigningTable config option When CheckSigningTable is set to no, the keys in KeyTable are no longer verified when config is loaded. Also implement a command line option -g for skipping SigningTable verification. trusteddomainproject#228
When CheckSigningTable is set to no, the keys in KeyTable are no longer verified when config is loaded.
This helps with large databases. This commit only adds support for USE_ODBX.