author: Florian Obser <florian@cvs.openbsd.org> 2019-02-10 14:10:23 +0000
committer: Florian Obser <florian@cvs.openbsd.org> 2019-02-10 14:10:23 +0000
commit: 2a77d36c6ce9a87d98a5c47f05643c8f03971708
tree: 5c2497b8f67d462542c105f1592431b55bdc91d4 /gnu/lib
parent: 67e00c4a05c04521c57f02c4ba8cdba58564a0c5
Simplify trust anchor handling.

Open trust anchor file for reading and writing on startup and pass it to the frontend process. The frontend process seeks and truncates the file appropriately when writing out new trust anchors learned via DNS but never closes the file. On error the file is truncated to zero length. This is in turn handled on startup by switching to the built-in trust anchor when no trust anchor can be read from disk.

This sidesteps the need for an unveil'ed directory with "c" permission and also removes the wpath and cpath pledges from the parent process.

deraadt@ pointed out that my previous design didn't make sense and I had confused myself along the way. (It did work, but was too complicated for no good reason).

While here validate that we actually read a trust anchor from disk by trying to parse it and checking that it is a DNSKEY. Unfortunately ub_ctx_add_ta() accepts just any string as a trust anchor without any validation.
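The file-descriptor protocol and the DNSKEY check the message describes, as an added Python sketch that is not unwind's code: the built-in anchor string and the `example.` record are constructed placeholders (not the real root KSK), and the read is sized by `fstat`, which assumes a regular file.

```python
import base64
import os
import tempfile

# Constructed placeholder, NOT the real root KSK: flags 257, protocol 3, alg 8.
BUILTIN_TA = ". 172800 IN DNSKEY 257 3 8 AwEAAQ=="

def parse_trust_anchor(text):
    """Accept one DNSKEY RR in presentation form; raise ValueError otherwise."""
    f = text.split()
    while len(f) > 1 and (f[1].isdigit() or f[1].upper() == "IN"):
        del f[1]                            # drop optional TTL and class
    if len(f) < 6 or f[1].upper() != "DNSKEY":
        raise ValueError("record is not a DNSKEY")
    flags, proto, alg = (int(x) for x in f[2:5])
    if proto != 3:                          # RFC 4034: protocol MUST be 3
        raise ValueError("DNSKEY protocol field must be 3")
    key = base64.b64decode("".join(f[5:]), validate=True)
    if not key:
        raise ValueError("empty key material")
    return {"owner": f[0], "flags": flags, "algorithm": alg, "key": key}

def load_trust_anchor(fd):
    """Read from the fd opened at startup; unreadable -> built-in anchor."""
    os.lseek(fd, 0, os.SEEK_SET)
    data = os.read(fd, os.fstat(fd).st_size)   # regular file assumed
    try:
        return parse_trust_anchor(data.decode()), "disk"
    except (ValueError, UnicodeDecodeError):
        return parse_trust_anchor(BUILTIN_TA), "builtin"

def write_trust_anchor(fd, text):
    """Seek, write, truncate to the bytes written; on write error truncate to 0."""
    parse_trust_anchor(text)                # never persist a non-DNSKEY string
    os.lseek(fd, 0, os.SEEK_SET)
    try:
        os.ftruncate(fd, os.write(fd, (text + "\n").encode()))
    except OSError:
        os.ftruncate(fd, 0)                 # next startup falls back to built-in
        raise

def demo():
    fd, path = tempfile.mkstemp()           # stands in for the fd passed at startup
    os.write(fd, b"this is not a trust anchor, just some leftover text\n")
    _, src1 = load_trust_anchor(fd)         # garbage on disk -> "builtin"
    write_trust_anchor(fd, "example. IN DNSKEY 256 3 13 AwEAAQ==")
    ta, src2 = load_trust_anchor(fd)        # rewritten in place -> "disk"
    os.close(fd)
    os.unlink(path)
    return src1, src2, ta["owner"], ta["algorithm"]
```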
Diffstat (limited to 'gnu/lib')
0 files changed, 0 insertions, 0 deletions