[Swan-dev] why remove USERLAND_CFLAGS+=-DDEFAULT_DNSSEC_ROOTKEY_FILE
Paul Wouters
paul at nohats.ca
Wed Sep 13 16:31:51 UTC 2017
On Wed, 13 Sep 2017, Antony Antony wrote:
> may be you can do it using smart #ifndef in dnssec.h, I am not sure, test
> it:)
I'll look at doing that.
> If the feature is disabled at compile time ipsec status output with
> "<unset>" is confuses me. It gives the wrong that idea it can be set while
> it is disabled.
>
> However looking further I notice there is "secctx-attr-type=<unsupported>"
> when it is disabled at compile time. That would be better if we really want
> it.
We can use <unsupported> instead of <unset>
> If DNSSEC is enabled it will be at the start of the pluto log.
> In every "ipsec status output" "unsupported" seems a bit overdoing for me.
People often only give partial logs. Asking them for "ipsec status" is
easier and gets us a complete picture.
> Is there a command to get this output via whack?
Yes, "ipsec status" :)
Paul
More information about the Swan-dev
mailing list