mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
Faster nsec3.
git-svn-id: file:///svn/unbound/trunk@2044 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
6fb53c7c93
commit
367c2abbf3
@ -2,6 +2,7 @@
|
||||
- Fix interface-automatic for OpenBSD: msg.controllen was too small,
|
||||
also assertions on ancillary data buffer.
|
||||
- check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
|
||||
- for NSEC3 check if signatures are cached.
|
||||
|
||||
15 March 2010: Wouter
|
||||
- unit test for util/regional.c.
|
||||
|
@ -48,6 +48,7 @@
|
||||
#include "validator/val_nsec3.h"
|
||||
#include "validator/validator.h"
|
||||
#include "validator/val_kentry.h"
|
||||
#include "services/cache/rrset.h"
|
||||
#include "util/regional.h"
|
||||
#include "util/rbtree.h"
|
||||
#include "util/module.h"
|
||||
@ -1254,8 +1255,15 @@ list_is_secure(struct module_env* env, struct val_env* ve,
|
||||
size_t i;
|
||||
enum sec_status sec;
|
||||
for(i=0; i<num; i++) {
|
||||
struct packed_rrset_data* d = (struct packed_rrset_data*)
|
||||
list[i]->entry.data;
|
||||
if(list[i]->rk.type != htons(LDNS_RR_TYPE_NSEC3))
|
||||
continue;
|
||||
if(d->security == sec_status_secure)
|
||||
continue;
|
||||
rrset_check_sec_status(env->rrset_cache, list[i], *env->now);
|
||||
if(d->security == sec_status_secure)
|
||||
continue;
|
||||
sec = val_verify_rrset_entry(env, ve, list[i], kkey, reason);
|
||||
if(sec != sec_status_secure) {
|
||||
verbose(VERB_ALGO, "NSEC3 did not verify");
|
||||
|
Loading…
Reference in New Issue
Block a user