Commit 9cc0c06c authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner
Browse files

[trac931] Sign even when error

parent b8da5496
...@@ -478,9 +478,8 @@ AuthSrv::processMessage(const IOMessage& io_message, MessagePtr message, ...@@ -478,9 +478,8 @@ AuthSrv::processMessage(const IOMessage& io_message, MessagePtr message,
bool sendAnswer = true; bool sendAnswer = true;
if (tsig_error != TSIGError::NOERROR()) { if (tsig_error != TSIGError::NOERROR()) {
// TODO We need to add a TSIG but with 0-length signature
makeErrorMessage(message, buffer, tsig_error.toRcode(), makeErrorMessage(message, buffer, tsig_error.toRcode(),
impl_->verbose_mode_); impl_->verbose_mode_, tsig_context);
} else if (message->getOpcode() == Opcode::NOTIFY()) { } else if (message->getOpcode() == Opcode::NOTIFY()) {
sendAnswer = impl_->processNotify(io_message, message, buffer, sendAnswer = impl_->processNotify(io_message, message, buffer,
tsig_context); tsig_context);
......
...@@ -309,8 +309,8 @@ TEST_F(AuthSrvTest, TSIGSignedNoKey) { ...@@ -309,8 +309,8 @@ TEST_F(AuthSrvTest, TSIGSignedNoKey) {
const TSIGRecord* tsig = m.getTSIGRecord(); const TSIGRecord* tsig = m.getTSIGRecord();
ASSERT_TRUE(tsig) << ASSERT_TRUE(tsig) <<
"Missing TSIG signature (we should have one even at error)"; "Missing TSIG signature (we should have one even at error)";
// TODO It should have been signed by zero-length key. Should we EXPECT_EQ(0, tsig->getRdata().getMACSize()) <<
// check that somehow? "It should be unsigned with this error";
} }
// Give the server a signed request, but signed by a different key // Give the server a signed request, but signed by a different key
...@@ -341,8 +341,8 @@ TEST_F(AuthSrvTest, TSIGBadSig) { ...@@ -341,8 +341,8 @@ TEST_F(AuthSrvTest, TSIGBadSig) {
const TSIGRecord* tsig = m.getTSIGRecord(); const TSIGRecord* tsig = m.getTSIGRecord();
ASSERT_TRUE(tsig) << ASSERT_TRUE(tsig) <<
"Missing TSIG signature (we should have one even at error)"; "Missing TSIG signature (we should have one even at error)";
// TODO It should have been signed by zero-length key. Should we EXPECT_EQ(0, tsig->getRdata().getMACSize()) <<
// check that somehow? "It should be unsigned with this error";
} }
TEST_F(AuthSrvTest, AXFRConnectFail) { TEST_F(AuthSrvTest, AXFRConnectFail) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment