clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 14:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Faster nsec3.

Browse Source 
git-svn-id: file:///svn/unbound/trunk@2044 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2010-03-16 16:52:56 +00:00
parent 6fb53c7c93
commit 367c2abbf3
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/Changelog
View File

@ -2,6 +2,7 @@
- Fix interface-automatic for OpenBSD: msg.controllen was too small,
also assertions on ancillary data buffer.
- check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
- for NSEC3 check if signatures are cached.
15 March 2010: Wouter
- unit test for util/regional.c.

8
validator/val_nsec3.c
View File

@ -48,6 +48,7 @@
#include "validator/val_nsec3.h"
#include "validator/validator.h"
#include "validator/val_kentry.h"
#include "services/cache/rrset.h"
#include "util/regional.h"
#include "util/rbtree.h"
#include "util/module.h"
@ -1254,8 +1255,15 @@ list_is_secure(struct module_env* env, struct val_env* ve,
size_t i;
enum sec_status sec;
for(i=0; i<num; i++) {
struct packed_rrset_data* d = (struct packed_rrset_data*)
list[i]->entry.data;
if(list[i]->rk.type != htons(LDNS_RR_TYPE_NSEC3))
continue;
if(d->security == sec_status_secure)
continue;
rrset_check_sec_status(env->rrset_cache, list[i], *env->now);
if(d->security == sec_status_secure)
continue;
sec = val_verify_rrset_entry(env, ve, list[i], kkey, reason);
if(sec != sec_status_secure) {
verbose(VERB_ALGO, "NSEC3 did not verify");