Revert "As zone signing assumes, but does not check, that the zone is…

… ordered, add a check in debug builds (not in release builds as it is too costly) if the zone is correctly sorted before signing." This reverts commit b1f7a20.
NLnetLabs · Jan 9, 2025 · 1056703 · 1056703
1 parent b1f7a20
commit 1056703
Showing 1 changed file with 0 additions and 11 deletions.
diff --git a/src/sign/mod.rs b/src/sign/mod.rs
@@ -392,15 +392,6 @@ where
 
 //------------ sign_zone() ---------------------------------------------------
 
-/// DNSSEC sign the given zone records.
-///
-/// Assumes that the given zone records are sorted according to
-/// [`CanonicalOrd`]. The behaviour is undefined otherwise.
-///
-/// # Panics
-///
-/// This function will panic in debug builds if the given zone is not sorted
-/// according to [`CanonicalOrd`].
 pub fn sign_zone<N, Octs, S, DSK, Inner, KeyStrat, Sort, HP, T>(
     mut in_out: SignableZoneInOut<N, Octs, S, T, Sort>,
     apex: &N,
@@ -444,8 +435,6 @@ where
         return Err(SigningError::NoSoaFound);
     };
 
-    debug_assert!(in_out.as_slice().is_sorted_by(CanonicalOrd::canonical_le));
-
     // RFC 9077 updated RFC 4034 (NSEC) and RFC 5155 (NSEC3) to say that
     // the "TTL of the NSEC(3) RR that is returned MUST be the lesser of
     // the MINIMUM field of the SOA record and the TTL of the SOA itself".