Make DNSSEC trust anchor file configurable

2 files changed, 14 insertions, 4 deletions

diff --git a/configure.ac b/configure.ac
index f6a066f..d9453ed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,9 +15,7 @@ AM_PROG_AR
 
 LT_INIT
 
-# Checks for libraries.
-
-PKG_CHECK_MODULES([UNBOUND], [libunbound])
+# Checks for libraries and related parameters.
 
 PKG_CHECK_MODULES([LIBXML], [libxml-2.0])
 
@@ -26,6 +24,18 @@ PKG_CHECK_MODULES([GSASL], [libgsasl])
 PKG_CHECK_MODULES([NETTLE], [nettle])
 
 
+# DNS: libunbound
+
+AC_ARG_VAR([DNSSEC_TRUST_ANCHOR_FILE],
+        [A DNSSEC trust anchor, containing DNSKEY in zone file format])
+AS_IF([test "x$DNSSEC_TRUST_ANCHOR_FILE" == "x"],
+      [DNSSEC_TRUST_ANCHOR_FILE="/usr/share/dns/root.key"])
+AC_DEFINE_UNQUOTED([DNSSEC_TRUST_ANCHOR_FILE],
+        "$DNSSEC_TRUST_ANCHOR_FILE",
+        [A DNSSEC trust anchor, containing DNSKEY in zone file format])
+
+PKG_CHECK_MODULES([UNBOUND], [libunbound])
+
 # GPGME, optional
 
 AC_ARG_WITH([gpgme],
diff --git a/src/rexmpp.c b/src/rexmpp.c
index 1e18908..8998ea9 100644
--- a/src/rexmpp.c
+++ b/src/rexmpp.c
@@ -475,7 +475,7 @@ rexmpp_err_t rexmpp_init (rexmpp_t *s,
                ub_strerror(err));
   }
   /* todo: better to make this path configurable, not to hardcode it */
-  err = ub_ctx_add_ta_file(s->resolver_ctx, "/usr/share/dns/root.key");
+  err = ub_ctx_add_ta_file(s->resolver_ctx, DNSSEC_TRUST_ANCHOR_FILE);
   if (err != 0) {
     rexmpp_log(s, LOG_WARNING, "Failed to set root key file for DNSSEC: %s",
                ub_strerror(err));