1 files changed, 20 insertions, 1 deletions

diff --git a/tools/dnssec/validatechain.c b/tools/dnssec/validatechain.c
index 1ecf5f7..62fca09 100644
--- a/tools/dnssec/validatechain.c
+++ b/tools/dnssec/validatechain.c
@@ -8,6 +8,19 @@
 #include <getdns/getdns_extra.h>
 #include "common.h"
 
+static int debug = 0;
+
+static void
+print_tree(const getdns_list *tree, const char *name)
+{
+  if (name)
+    printf("* %s\n", name);
+
+    char *s = getdns_pretty_print_list(tree);
+    puts(s);
+    free(s);
+}
+
 static getdns_return_t
 validate(const uint8_t *records_buf, size_t records_len,
          const uint8_t *support_buf, size_t support_len,
@@ -33,7 +46,7 @@ validate(const uint8_t *records_buf, size_t records_len,
 
     support_records: DS's and DNSKEY's with accompanying RRSIG's.
 
-    trust_anchors: DNSKEY's (or DS?).
+    trust_anchors: DNSKEY's (and possibly DS's?).
    */
 
   r = getdns_validate_dnssec2(to_validate,
@@ -42,6 +55,11 @@ validate(const uint8_t *records_buf, size_t records_len,
                               validation_time,
                               skew);
 
+  if (debug) {
+    print_tree(to_validate, "to_validate");
+    print_tree(support_records, "support_records");
+    print_tree(trust_anchors, "trust_anchors");
+  }
 out:
   if (to_validate)
     getdns_list_destroy(to_validate);
@@ -106,5 +124,6 @@ main(int argc, char *argv[])
     return r;
   }
 
+  printf("OK\n");
   return 0;
 }