Commit fd95cc0d authored by Mark Andrews's avatar Mark Andrews

2877. [bug] The validator failed to skip obviously mismatching

                        RRSIGs. [RT #21138]
parent ac897ce3
2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.c,v 1.189 2010/04/21 04:16:49 marka Exp $ */
/* $Id: validator.c,v 1.190 2010/04/21 05:45:47 marka Exp $ */
#include <config.h>
......@@ -2119,7 +2119,7 @@ dlv_validatezonekey(dns_validator_t *val) {
&sigrdata);
result = dns_rdata_tostruct(&sigrdata, &sig, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (dlv.key_tag != sig.keyid &&
if (dlv.key_tag != sig.keyid ||
dlv.algorithm != sig.algorithm)
continue;
dstkey = NULL;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment